CVE-2024-12240 is a stored cross-site scripting vulnerability identified in the Page Builder by SiteOrigin plugin for WordPress, affecting all versions up to and including 2.31.0. The vulnerability stems from improper neutralization of input during web page generation, specifically through the 'row label' parameter. Authenticated attackers with Contributor-level permissions or higher can inject arbitrary JavaScript code into pages. Because the malicious script is stored persistently, it executes every time a user accesses the infected page, potentially compromising user sessions, stealing cookies, or performing actions on behalf of users. The vulnerability does not require user interaction beyond visiting the page and has a CVSS 3.1 base score of 6.4, reflecting medium severity with network attack vector, low attack complexity, and privileges required. The scope is changed (S:C) because the vulnerability can affect other users beyond the attacker. No patches are currently linked, and no known exploits have been reported in the wild. The vulnerability is classified under CWE-79, indicating improper input sanitization and output escaping in web applications. Given the widespread use of WordPress and the popularity of SiteOrigin's Page Builder plugin, this vulnerability poses a significant risk to many websites globally.

The impact of CVE-2024-12240 is primarily on the confidentiality and integrity of affected websites and their users. Exploitation allows attackers to execute arbitrary scripts in the context of the victim’s browser, potentially leading to session hijacking, credential theft, defacement, or distribution of malware. Since the vulnerability requires authenticated access at Contributor level or above, it limits exploitation to users who already have some level of trust or access, but this is common in multi-user WordPress environments such as editorial teams or contributors. The scope change means that the attacker can affect other users beyond themselves, increasing the risk to site visitors and administrators. While availability is not directly impacted, the trustworthiness and security posture of the website can be severely undermined. Organizations relying on this plugin for content management and page building may face reputational damage, data breaches, and compliance issues if exploited.

To mitigate CVE-2024-12240, organizations should first check for and apply any official patches or updates from SiteOrigin as soon as they become available. In the absence of patches, administrators should restrict Contributor-level access to trusted users only and review user roles and permissions to minimize risk. Implementing a Web Application Firewall (WAF) with rules to detect and block malicious script injections targeting the 'row label' parameter can provide temporary protection. Additionally, site owners should enable Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts. Regularly audit and sanitize user-generated content, especially from users with elevated privileges. Monitoring logs for unusual activity related to page edits or script injections can help detect exploitation attempts early. Finally, educating content contributors about safe input practices and the risks of injecting scripts can reduce accidental exploitation.