CVE-2024-12628

Vulnerability

Overview

The bodi0's Easy Cache plugin for WordPress (versions up to and including 0.8) is vulnerable to stored cross-site scripting (XSS) due to insufficient input sanitization and output escaping of the 'cache-folder' parameter. This flaw allows authenticated attackers with administrator-level permissions to inject arbitrary web scripts that are stored and executed when other users access the affected page. The vulnerability is exploitable only on multi-site installations or environments where the unfiltered_html capability has been disabled [1].

Exploitation

Prerequisites

To exploit this vulnerability, an attacker must have administrator-level access to the WordPress site. The attack vector is the 'cache-folder' parameter, which is not properly sanitized before being stored and later rendered. The stored malicious script will execute in the browser of any user who visits the page containing the injected payload. The vulnerability is limited to multi-site setups or sites where unfiltered_html is disabled, as these conditions prevent administrators from normally using unfiltered HTML [1].

Impact

Successful exploitation can lead to session compromise, cookie theft, and account takeover. The persistent nature of stored XSS means the injected script remains active until removed, potentially affecting multiple users over time. Attackers could also redirect users to malicious sites or execute arbitrary code in the victim's browser, leading to further compromise [1].

Mitigation

As of the publication date, no patch has been released for this vulnerability. Users are advised to disable the plugin on affected installations or restrict administrator access to trusted users only. The vulnerability is not exploitable on standard single-site installations where unfiltered_html is enabled by default [1].