CVE-2024-12112 is a stored Cross-Site Scripting (XSS) vulnerability identified in the Easy Form Builder WordPress plugin, which supports contact forms, survey forms, payment forms, and custom form creation. The vulnerability exists due to improper neutralization of input during web page generation (CWE-79). Specifically, the 'name' parameter in the 'add_form_Emsfb' AJAX action is not properly sanitized or escaped before being stored and rendered, allowing malicious script injection. Additionally, the plugin lacks adequate authorization checks, enabling any authenticated user with Subscriber-level access or higher to exploit this flaw. When a victim accesses a page containing the injected script, the malicious payload executes in their browser context, potentially leading to session hijacking, data theft, or unauthorized actions performed on behalf of the victim. The vulnerability affects all versions up to and including 3.8.8 of the plugin. The CVSS v3.1 base score is 6.4, reflecting network attack vector, low attack complexity, privileges required, no user interaction, and impacts on confidentiality and integrity with no availability impact. No public exploits have been reported yet, but the vulnerability's presence in a widely used WordPress plugin makes it a notable risk. The lack of patch links suggests that a fix may not yet be available or publicly disclosed, emphasizing the need for immediate attention from site administrators.

The primary impact of CVE-2024-12112 is the compromise of confidentiality and integrity within affected WordPress sites. Exploitation allows attackers to inject persistent malicious scripts that execute in the browsers of site visitors or administrators, potentially enabling session hijacking, credential theft, unauthorized actions, or distribution of malware. This can lead to data breaches, defacement, loss of user trust, and regulatory compliance issues. Since the vulnerability requires only Subscriber-level authentication, attackers can leverage compromised or low-privilege accounts to escalate their impact. The scope includes any WordPress site using the Easy Form Builder plugin up to version 3.8.8, which may be numerous given WordPress's market share. The absence of user interaction for exploitation increases risk, as scripts execute automatically when pages are viewed. Organizations relying on this plugin for critical forms, including payment forms, face heightened risk of financial fraud or data leakage. Overall, the vulnerability can undermine website security, user privacy, and organizational reputation.

1. Immediate upgrade: Monitor the plugin vendor’s official channels for a security patch or updated version that addresses CVE-2024-12112 and apply it promptly once available. 2. Access control review: Restrict Subscriber-level user creation and permissions to trusted users only, minimizing the risk of malicious input from low-privilege accounts. 3. Input validation: Implement additional server-side input validation and sanitization for the 'name' parameter in the AJAX action, using established libraries or frameworks to neutralize scripts. 4. Output encoding: Ensure all user-supplied data rendered in web pages is properly escaped or encoded to prevent script execution. 5. Web Application Firewall (WAF): Deploy or update WAF rules to detect and block attempts to exploit this XSS vector, focusing on suspicious payloads in the 'name' parameter. 6. Monitoring and logging: Enable detailed logging of AJAX requests and monitor for unusual activity or repeated injection attempts. 7. User awareness: Educate site administrators and users about the risks of XSS and encourage cautious handling of user-generated content. 8. Temporary disabling: If patching is not immediately possible, consider disabling the vulnerable plugin or the affected AJAX functionality until a fix is available. 9. Least privilege principle: Limit plugin usage and administrative access to reduce attack surface. 10. Backup and recovery: Maintain regular backups to enable quick restoration in case of compromise.