CVE-2024-10788 is a stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79, found in the WordPress plugin 'Activity Log – Monitor & Record User Changes' developed by pojome. This vulnerability affects all versions up to and including 2.11.1. The root cause is insufficient sanitization and escaping of input data, specifically the event parameters used in the plugin's web page generation. An unauthenticated attacker can exploit this flaw by injecting arbitrary JavaScript code into the event parameters, which are then stored persistently. When an administrative user accesses the affected page, the malicious script executes in their browser context. This can lead to a range of attacks, including theft of admin credentials, session hijacking, or performing unauthorized actions with admin privileges. The vulnerability has a CVSS 3.1 base score of 7.2, reflecting its high severity due to network attack vector, no required privileges or user interaction, and a scope change affecting confidentiality and integrity. No patches or fixes are currently linked, and no known exploits have been reported in the wild as of the publication date. The vulnerability was publicly disclosed on November 21, 2024, with the CVE reserved earlier that month. Given the plugin's role in monitoring user changes, the impact on administrative workflows and site security is significant.

The impact of CVE-2024-10788 is substantial for organizations using the vulnerable WordPress plugin. Successful exploitation allows unauthenticated attackers to execute arbitrary scripts in the context of administrative users, potentially leading to credential theft, session hijacking, or unauthorized administrative actions. This compromises the confidentiality and integrity of the affected systems without affecting availability. Since administrative accounts typically have broad control over WordPress sites, attackers could escalate their access to deploy malware, alter site content, or exfiltrate sensitive data. The vulnerability's network accessibility and lack of required authentication increase the risk of widespread exploitation, especially on sites with multiple administrators. Organizations relying on this plugin for audit and monitoring functions may face operational disruptions and loss of trust if exploited. The absence of known exploits in the wild provides a window for proactive mitigation, but the high CVSS score and public disclosure suggest attackers may develop exploits soon. Overall, the threat poses a critical risk to the security posture of WordPress sites globally, particularly those with high administrative activity.

To mitigate CVE-2024-10788, organizations should immediately upgrade the 'Activity Log – Monitor & Record User Changes' plugin to a patched version once available. In the absence of an official patch, administrators should consider temporarily disabling the plugin to prevent exploitation. Implementing a Web Application Firewall (WAF) with rules to detect and block suspicious input patterns related to event parameters can reduce attack surface. Restrict administrative access to trusted IP addresses and enforce multi-factor authentication (MFA) to limit the impact of potential credential theft. Regularly audit logs for unusual activity or unexpected script injections. Additionally, sanitize and validate all user inputs at the application level, and apply output encoding to prevent script execution. Monitoring WordPress security advisories and subscribing to vulnerability feeds will help maintain awareness of updates. Finally, educate administrators about the risks of XSS and encourage cautious behavior when interacting with plugin-generated pages.