CVE-2024-10144 is a medium-severity stored Cross-Site Scripting (XSS) vulnerability identified in the Photo Gallery, Images, Slider component of the Rbs Image Gallery WordPress plugin, affecting versions prior to 3.2.22. The vulnerability arises because certain plugin settings are not properly sanitized or escaped before being stored and rendered. This flaw allows users with high privileges, such as contributors, to inject malicious scripts that persist in the application. Notably, this exploit is possible even when the unfiltered_html capability is disabled, which is a common restriction in multisite WordPress environments to prevent script injection. The vulnerability leverages CWE-79, indicating improper neutralization of input during web page generation. The CVSS 3.1 score of 4.8 reflects a medium severity with characteristics: network attack vector, low attack complexity, requiring high privileges, user interaction needed, and a scope change. The impact primarily affects confidentiality and integrity, as the injected scripts can execute in the context of other users, potentially leading to session hijacking, defacement, or unauthorized actions. Availability is not impacted. There are no known exploits in the wild yet, and no official patches or updates have been linked, though the issue is documented and published by WPScan and CISA. The vulnerability is particularly relevant in multisite WordPress deployments where contributors have limited HTML capabilities but can still exploit this flaw to inject persistent malicious code.

For European organizations, especially those using WordPress multisite setups with the Rbs Image Gallery plugin, this vulnerability poses a risk of persistent XSS attacks that can compromise user sessions, steal sensitive data, or manipulate site content. Organizations in sectors such as media, education, and government that rely on WordPress for content management and allow contributor-level access to multiple users are at heightened risk. The exploitation could lead to reputational damage, data breaches involving personal data protected under GDPR, and potential regulatory penalties. Since the vulnerability requires high privileges but not full administrative rights, insider threats or compromised contributor accounts could be leveraged by attackers. The scope change in the CVSS vector indicates that the vulnerability can affect resources beyond the initially compromised component, potentially impacting the broader site or network. Although no active exploits are reported, the presence of this vulnerability in widely used CMS environments in Europe underscores the need for prompt mitigation to prevent future attacks.

European organizations should immediately audit their WordPress installations to identify the presence of the Rbs Image Gallery plugin and verify its version. Upgrading to version 3.2.22 or later, where the vulnerability is fixed, is the primary mitigation step. If an upgrade is not immediately possible, organizations should restrict contributor-level permissions further, limiting access to plugin settings or disabling the plugin temporarily. Implementing Web Application Firewalls (WAFs) with custom rules to detect and block suspicious script injections targeting the plugin’s settings fields can provide interim protection. Additionally, organizations should enforce strict content security policies (CSP) to reduce the impact of any injected scripts. Regular security training for contributors to recognize phishing or social engineering attempts that could lead to account compromise is recommended. Monitoring logs for unusual activity related to plugin settings changes or contributor actions can help detect exploitation attempts early. Finally, organizations should subscribe to vulnerability feeds and vendor advisories to apply patches promptly once available.