CVE-2024-38720
Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EazyDocs eazydocs allows Stored XSS. This issue affects EazyDocs: from n/a through 2.5.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
EazyDocs plugin 2.5.0 and earlier contain a stored XSS vulnerability allowing authenticated contributors to inject malicious scripts.
Summary
The EazyDocs plugin for WordPress, versions up to and including 2.5.0, is vulnerable to Stored Cross-Site Scripting (XSS) due to improper neutralization of user-supplied input during page generation. This flaw occurs when editor-level users are able to insert arbitrary JavaScript into documents, which is then executed when other users view the affected content [1].
Exploitation
To exploit this vulnerability, an attacker must first gain contributor-level access to a WordPress site using the EazyDocs plugin. Once authenticated, they can craft a malicious document or update an existing one with embedded JavaScript. When an administrator or any site visitor views the infected document, the script executes, potentially compromising the session or altering page content [1].
Impact
Successful exploitation allows an attacker to steal session cookies, redirect visitors to malicious sites, or inject advertisements and other HTML payloads. This can lead to privilege escalation if an administrator's session is hijacked, or defacement of the website [1]. The CVSS v3.1 base score of 6.5 reflects the medium severity due to the requirement for authenticated access and user interaction.
Mitigation
The vendor has released version 2.5.1 which corrects the input sanitization flaw. Users are strongly advised to update immediately. For sites that cannot be updated, Patchstack recommends enabling auto-updates or applying a virtual patch through a web application firewall [1]. No workaround beyond updating has been confirmed.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0 (no patches discovered yet)
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References: 1
News mentions: 0 (no linked articles in our index yet)