CVERadar

CVE-2024-4439

Medium Severity

SVRS

30/100

CVSSv3

NA/10

EPSS

0.91242/1

CVE-2024-4439 is a stored Cross-Site Scripting (XSS) vulnerability in WordPress Core affecting versions up to 6.5.2. This flaw allows attackers to inject malicious web scripts into pages through user display names in the Avatar block. Authenticated users with contributor-level access or higher, and even unauthenticated attackers via comment sections, can exploit this by injecting scripts that execute when users access the affected page. With an SVRS of 30, while not critical, this vulnerability poses a moderate risk, especially as it is tagged as "In The Wild" and "Exploit Available," meaning it's actively being exploited. The primary risk is unauthorized script execution leading to potential account compromise, data theft, or defacement of WordPress sites. Immediate patching is crucial to mitigate these risks.

TAGS

In The Wild

Exploit Avaliable

VECTOR STRING

PUBLICATION DATE2024-05-03

LAST MODIFIED2024-07-03

SOCRadar

AI Insight

Description:

CVE-2024-4439 is a Stored Cross-Site Scripting (XSS) vulnerability in WordPress Core, allowing authenticated attackers with contributor-level access or above to inject malicious scripts into pages. Unauthenticated attackers can also exploit this vulnerability if the comment block is present and displays the comment author's avatar.

Key Insights:

High Severity: The SVRS of 62 indicates a moderate level of severity, highlighting the need for prompt attention.
Active Exploitation: Active exploits have been published, indicating that attackers are actively exploiting this vulnerability.
Wide Impact: The vulnerability affects various versions of WordPress Core up to 6.5.2, potentially impacting a large number of websites.
Threat Actors: Specific threat actors or APT groups exploiting this vulnerability are not currently identified.

Mitigation Strategies:

Update WordPress: Install the latest WordPress version (6.5.3) to patch the vulnerability.
Disable Comment Block: If the comment block is not essential, disable it to prevent unauthenticated attackers from exploiting the vulnerability.
Restrict User Permissions: Limit user permissions to the minimum necessary to reduce the risk of authenticated attackers exploiting the vulnerability.
Implement Web Application Firewall (WAF): Configure a WAF to block malicious requests and protect against XSS attacks.

Additional Information:

The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.
Users with additional queries can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title	Software Link	Date
MielPopsssssss/CVE-2024-4439	https://github.com/MielPopsssssss/CVE-2024-4439	2024-05-06
d0rb/CVE-2024-4439	https://github.com/d0rb/CVE-2024-4439	2024-05-06
w0r1i0g1ht/CVE-2024-4439	https://github.com/w0r1i0g1ht/CVE-2024-4439	2024-11-21

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

CVE-2024-4439 | WordPress up to 6.5.1 Avatar Block cross site scripting (ID 57951)

vuldb.com2025-04-02

CVE-2024-4439 | WordPress up to 6.5.1 Avatar Block cross site scripting (ID 57951) | A vulnerability classified as problematic was found in WordPress up to 6.5.1. This vulnerability affects unknown code of the component Avatar Block. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-4439. The attack can be initiated remotely. There is no exploit available. It is recommended

vuldb.com

rss

forum

news

Social Media

No tweets found for this CVE

Affected Software

No affected software found for this CVE

References

Reference	Link
[email protected]	https://core.trac.wordpress.org/changeset/57951/branches/6.4/src/wp-includes/blocks/avatar.php
[email protected]	https://core.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=57950%40%2F&new=57950%40%2F&sfp_email=&sfph_mail=#file3
[email protected]	https://wordpress.org/news/2024/04/wordpress-6-5-2-maintenance-and-security-release/
[email protected]	https://www.wordfence.com/blog/2024/04/unauthenticated-stored-cross-site-scripting-vulnerability-patched-in-wordpress-core/
[email protected]	https://www.wordfence.com/threat-intel/vulnerabilities/id/e363c09a-4381-4b3a-951c-9a0ff5669016?source=cve

CWE Details

CWE ID	CWE Name	Description
CWE-80	Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)	The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as <, >, and & that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence