CVE-2024-4004 is a stored Cross-Site Scripting (XSS) vulnerability identified in the Advanced Cron Manager WordPress plugin prior to version 2.5.7. The root cause is the plugin's failure to properly sanitize and escape certain settings fields, which allows high-privilege users, such as administrators, to inject malicious JavaScript code. This vulnerability is notable because it can be exploited even when the WordPress unfiltered_html capability is disabled, a common restriction in multisite environments to prevent script injection. The attack vector requires authenticated access with high privileges (admin level) and user interaction to trigger the malicious payload. Exploiting this vulnerability could allow attackers to execute arbitrary scripts in the context of the WordPress admin dashboard, potentially leading to session hijacking, privilege escalation, or manipulation of site content and settings. The CVSS 3.1 score is 3.5, indicating low severity due to the requirement of high privileges and user interaction, and the limited impact on confidentiality and integrity. No public exploits or active exploitation have been reported. The vulnerability underscores the importance of proper input validation and escaping in WordPress plugins, especially those managing critical site functions like cron jobs.

For European organizations using WordPress sites with the Advanced Cron Manager plugin, this vulnerability could allow an attacker with administrative access to inject malicious scripts, potentially compromising the integrity and confidentiality of the WordPress admin session. While the impact is limited by the need for high privileges and user interaction, exploitation could lead to session hijacking, unauthorized changes to site configurations, or further lateral movement within the site environment. Organizations with multisite WordPress deployments are particularly at risk since the vulnerability bypasses the unfiltered_html capability restriction. This could affect the availability of administrative functions if attackers manipulate cron jobs or site settings maliciously. Although no known exploits exist in the wild, the presence of this vulnerability increases the attack surface for insider threats or compromised admin accounts. The overall risk to European organizations depends on the prevalence of this plugin in their WordPress installations and the security posture of their administrative user accounts.

1. Immediately update the Advanced Cron Manager plugin to version 2.5.7 or later, where this vulnerability is fixed. 2. Restrict administrative access to trusted personnel only and enforce strong authentication mechanisms such as MFA to reduce the risk of compromised admin accounts. 3. Regularly audit WordPress user roles and capabilities to ensure that only necessary users have high privileges. 4. Implement Content Security Policy (CSP) headers to limit the impact of potential XSS payloads by restricting script execution sources. 5. Monitor WordPress logs and plugin settings for unusual changes or script injections. 6. In multisite environments, review and tighten restrictions on plugin installations and updates. 7. Employ web application firewalls (WAFs) that can detect and block XSS attack patterns targeting WordPress admin interfaces. 8. Educate administrators about the risks of stored XSS and safe plugin management practices.