
CVE-2024-12621

High Severity
SVRS: 60/100
CVSSv3: 6.4/10
EPSS: 0.00036/1

CVE-2024-12621 is a Stored Cross-Site Scripting (XSS) vulnerability in the Yumpu E-Paper publishing plugin for WordPress. This flaw allows authenticated attackers with contributor-level access or higher to inject malicious web scripts into WordPress pages. The vulnerability exists due to insufficient sanitization of user-supplied attributes within the 'YUMPU' shortcode, affecting versions up to and including 3.0.8.

While the CVSS score is 6.4, the SOCRadar Vulnerability Risk Score (SVRS) is 60, indicating a moderate risk level. Successful exploitation of CVE-2024-12621 can lead to session hijacking, defacement of websites, or redirection of users to malicious sites. This poses a significant threat to website security and user data. Immediate patching or mitigation measures are recommended to prevent potential attacks. The "In The Wild" tag indicates that this CVE is being actively exploited, which makes addressing it urgent.

Tags: In The Wild
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
2025-01-09

SOCRadar AI Insight

Description

CVE-2024-12621 affects the Yumpu E-Paper publishing plugin for WordPress, specifically versions 3.0.8 and below. The vulnerability stems from insufficient input sanitization and output escaping on user-supplied attributes within the plugin's 'YUMPU' shortcode. This flaw allows authenticated attackers with contributor-level access or higher to inject malicious JavaScript code into pages. When a user visits an injected page, the malicious script executes, potentially leading to data theft, account compromise, and other security breaches.
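As an added illustration of the pattern the description refers to (this is hypothetical code, not the Yumpu plugin's own and not taken from this page), a WordPress shortcode handler that writes attribute values into HTML unescaped, beside a hardened version that validates and escapes each attribute with WordPress core helpers; the shortcode name 'epaper', its attribute names and the two handler functions are assumptions.

```php
<?php
// Added example, not the Yumpu plugin's code: a hypothetical [epaper]
// shortcode whose attributes are written by the post author. Any
// contributor-level user can place shortcodes in a post, so attribute
// values are untrusted input that ends up in HTML served to every visitor.

// Unsafe pattern: attribute values are concatenated into markup as-is.
// A value containing a double quote closes the attribute, and whatever
// follows is parsed by the browser as further markup (stored XSS).
function epaper_shortcode_unsafe( $atts ) {
    $a = shortcode_atts(
        array( 'id' => '', 'width' => '600', 'url' => '' ), $atts, 'epaper'
    );
    return '<iframe src="' . $a['url'] . '" width="' . $a['width']
         . '" data-doc="' . $a['id'] . '"></iframe>';
}

// Hardened pattern: constrain each value to the type it is supposed to
// have, then escape on output with WordPress core functions.
function epaper_shortcode_safe( $atts ) {
    $a = shortcode_atts(
        array( 'id' => '', 'width' => '600', 'url' => '' ), $atts, 'epaper'
    );
    $width = absint( $a['width'] );                             // non-negative integer only
    $url   = esc_url( $a['url'] );                              // rejects disallowed schemes, escapes the rest
    $id    = preg_replace( '/[^A-Za-z0-9_-]/', '', $a['id'] );  // allow-list of characters
    if ( '' === $url || 0 === $width ) {
        return ''; // refuse to render rather than emit a broken embed
    }
    return sprintf(
        '<iframe src="%s" width="%d" data-doc="%s"></iframe>',
        $url,
        $width,
        esc_attr( $id )
    );
}
add_shortcode( 'epaper', 'epaper_shortcode_safe' );
```

The same review question applies to any shortcode in an installed plugin: does every attribute pass through a type check or an esc_*() call before it reaches the output string?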

While the CVSS score is 6.4, indicating a medium severity, the SOCRadar Vulnerability Risk Score (SVRS) is 38, signifying a lower urgency level. This discrepancy stems from the SVRS incorporating a wider range of threat intelligence, including social media, news, and dark web data, leading to a more nuanced assessment.

Key Insights

  1. Impact: The vulnerability allows attackers to inject arbitrary JavaScript code, potentially executing malicious scripts on a user's browser. This could lead to data exfiltration, account takeover, or the installation of malware.
  2. Attack Vector: Authenticated attackers with contributor-level access or higher can exploit this vulnerability. This means attackers with legitimate access to the WordPress site can leverage this flaw.
  3. Exploit Status: While active exploits have not been publicly reported, the vulnerability is potentially exploitable, and the ease of injecting JavaScript makes it a target for malicious actors.
  4. Mitigation: The vulnerability is relatively straightforward to exploit, and attackers could easily weaponize it. Therefore, immediate action is necessary to patch the vulnerability and mitigate potential risks.

Mitigation Strategies

  1. Update the Plugin: The most crucial mitigation strategy is to update the Yumpu E-Paper publishing plugin to version 3.0.9 or later. This update includes security patches addressing the vulnerability, effectively eliminating the risk.
  2. Limit User Privileges: Restricting user privileges to the minimum necessary level reduces the potential impact of this vulnerability. If contributors do not need access to edit shortcode attributes, limiting their access can significantly reduce the risk.
  3. Implement a Web Application Firewall (WAF): Deploying a WAF can help prevent the injection of malicious JavaScript code by filtering out malicious requests before they reach the plugin.
  4. Regular Security Audits: Conduct frequent security audits to identify and remediate vulnerabilities. This proactive approach helps identify potential weaknesses before they can be exploited.

Additional Information

If you have further questions regarding this incident, you can use the "Ask to Analyst" feature on SOCRadar's platform, contact SOCRadar directly, or open a support ticket for more information.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-12621 | Yumpu E-Paper Publishing Plugin up to 3.0.8 on WordPress cross site scripting
vuldb.com, 2025-01-09
CVE-2024-12621 | Yumpu E-Paper Publishing Plugin up to 3.0.8 on WordPress cross site scripting | A vulnerability was found in Yumpu E-Paper Publishing Plugin up to 3.0.8 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-12621. It is possible to launch the attack remotely. There is no exploit available

Social Media

CVE-2024-12621 Stored Cross-Site Scripting in Yumpu WordPress Plugin Up to 3.0.8 The Yumpu E-Paper plugin for WordPress has a Stored Cross-Site Scripting vulnerability. This issue affects all versions up to 3.0.8... https://t.co/Ygu7XnVI25
CVE-2024-12621 The Yumpu E-Paper publishing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'YUMPU' shortcode in all versions up to, and including… https://t.co/vesBPbkOIq

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://plugins.trac.wordpress.org/browser/yumpu-epaper-publishing/tags/3.0.8/lib/Shortcode.php#L24
[email protected] | https://plugins.trac.wordpress.org/browser/yumpu-epaper-publishing/tags/3.0.8/lib/Shortcode.php#L81
[email protected] | https://www.wordfence.com/threat-intel/vulnerabilities/id/60c0db19-deda-4b95-a341-cf33883dc9b4?source=cve

CWE Details

CWE ID | CWE Name | Description
CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
