CVE-2024-9270
Description
Authenticated stored XSS in Lenxel Core for WordPress LMS plugin via SVG uploads allows arbitrary script execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability Overview
The Lenxel Core for Lenxel(LNX) LMS WordPress plugin, in versions up to and including 1.2.3, contains a Stored Cross-Site Scripting (XSS) vulnerability due to insufficient input sanitization and output escaping when processing SVG file uploads [1]. This flaw allows authenticated attackers to inject arbitrary web scripts that execute when a user accesses the uploaded SVG file.
Exploitation Prerequisites
To exploit this vulnerability, an attacker must have at least Author-level access to the WordPress site [1]. The attacker can then upload a malicious SVG file containing embedded JavaScript or other script content. Because the plugin fails to sanitize the SVG content on upload and to escape it on output, the injected script is stored on the server and later executes in the browser of any user who views the file.
Potential Impact
Successful exploitation enables the attacker to perform actions such as stealing session cookies, redirecting users to phishing sites, or defacing pages. Because the script executes in the context of the vulnerable WordPress instance, it can lead to privilege escalation if an administrator views the malicious SVG file.
Mitigation Status
As of the publication date, a patched version (1.2.4 or later) is likely available from the WordPress plugin repository [1]. Users are strongly advised to update the Lenxel Core plugin to the latest version to remediate this vulnerability.
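The upload-time check the advisory says the plugin lacks, as an added defensive example that is not part of this CVE record or of the Lenxel plugin's code: an allow-list validator that rejects any SVG carrying script elements, event-handler attributes or script URIs instead of trying to clean it. The two sample SVGs are constructed for the demonstration; a WordPress plugin would run equivalent logic in PHP from a wp_handle_upload_prefilter hook (the hook is a real WordPress filter, the function names here are our own).

```python
import xml.etree.ElementTree as ET  # use defusedxml in production to also block entity-expansion attacks

# Elements that execute script or embed foreign/remote content and have no place in an uploaded image.
FORBIDDEN_TAGS = {"script", "foreignobject", "iframe", "embed", "object", "set", "animate"}
# URI schemes that turn a link or reference into executable content.
SCRIPT_SCHEMES = ("javascript:", "vbscript:")

def _local(name: str) -> str:
    """Strip the XML namespace prefix ({uri}name -> name) and lower-case it."""
    return name.rsplit("}", 1)[-1].lower()

def svg_findings(svg_bytes: bytes) -> list[str]:
    """Return the reasons an uploaded SVG must be rejected; an empty list means it passed.

    Allow-list style: anything script-capable is a reject, and no attempt is made to
    'clean' the file, because a partially stripped SVG is still an XSS vector."""
    findings = []
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if _local(root.tag) != "svg":
        findings.append(f"root element is <{_local(root.tag)}>, not <svg>")
    for el in root.iter():
        tag = _local(el.tag)
        if tag in FORBIDDEN_TAGS:
            findings.append(f"forbidden element <{tag}>")
        for attr, value in el.attrib.items():
            name, val = _local(attr), value.strip().lower()
            if name.startswith("on"):  # onload, onclick, onerror, onbegin, ...
                findings.append(f"event handler attribute {name} on <{tag}>")
            elif name == "href":       # covers both href and xlink:href
                if val.startswith(SCRIPT_SCHEMES) or (val.startswith("data:") and tag != "image"):
                    findings.append(f"dangerous URI scheme in {name} on <{tag}>")
        if tag == "style" and el.text and any(s in el.text.lower() for s in SCRIPT_SCHEMES + ("expression(",)):
            findings.append("script-capable CSS inside <style>")
    return findings

def is_safe_svg(svg_bytes: bytes) -> bool:
    """Convenience wrapper for an upload filter: True only when no finding was raised."""
    return not svg_findings(svg_bytes)

# Constructed samples (not taken from the advisory): a benign icon and one that carries
# the three classic SVG script sinks an upload filter must catch.
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10"><circle cx="5" cy="5" r="4" fill="#09c"/></svg>'
UNSAFE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="x()">'
              b'<script>x()</script><a xlink:href="javascript:x()"><text>link</text></a></svg>')

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN_SVG), ("unsafe", UNSAFE_SVG)):
        print(label, "->", "accept" if is_safe_svg(doc) else "reject", svg_findings(doc))
```

Rejecting at upload is only half of the fix the advisory describes: the plugin must also escape the file on output, and serving user-supplied SVGs with Content-Disposition: attachment or from a separate origin limits the blast radius if a filter bypass is found later.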
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2 listed, 1 more not shown)
- (no CPE)
- (no CPE) range: <=1.2.3
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (3)
News mentions (0)
No linked articles in our index yet.