CVE-2024-4630 is a stored cross-site scripting (XSS) vulnerability classified under CWE-79, found in the Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress. This vulnerability exists due to insufficient sanitization and escaping of user input in the 'custom_upload_mimes' function, which handles MIME type customizations. Authenticated attackers with contributor-level permissions or higher can exploit this flaw by injecting arbitrary JavaScript code into pages generated by the plugin. Because the malicious script is stored, it executes every time a user visits the infected page, potentially leading to session hijacking, privilege escalation, or unauthorized actions within the WordPress environment. The vulnerability affects all versions up to and including 4.2.0. The CVSS 3.1 base score is 6.4, reflecting a medium severity level, with an attack vector of network, low attack complexity, privileges required at the contributor level, no user interaction needed, and a scope change indicating that the vulnerability affects components beyond the initially vulnerable module. While no known exploits are currently reported in the wild, the vulnerability poses a significant risk due to the widespread use of WordPress and the Starter Templates plugin in website development. The lack of output escaping and input validation in a function that manages MIME types is a critical oversight, as it allows script injection in a context that is rendered to users. This vulnerability highlights the importance of secure coding practices, especially in plugins that are widely deployed in content management systems.

The impact of CVE-2024-4630 is primarily on the confidentiality and integrity of affected WordPress sites. Successful exploitation allows an attacker with contributor-level access to inject persistent malicious scripts, which execute in the context of users visiting the compromised pages. This can lead to session hijacking, theft of sensitive information such as cookies or credentials, unauthorized actions performed on behalf of users, and potential further compromise of the website or connected systems. Although availability is not directly affected, the reputational damage and potential data breaches can be severe. Organizations relying on the Starter Templates plugin for website design and content delivery face risks of defacement, data leakage, and loss of user trust. Given the popularity of WordPress globally, the scope of affected systems is large, increasing the potential for widespread exploitation if the vulnerability is weaponized. The requirement for contributor-level permissions limits exploitation to insiders or compromised accounts, but this is a common permission level for many content creators, increasing the attack surface. The vulnerability could be leveraged in targeted attacks against organizations with active WordPress sites using this plugin, especially those with multiple contributors.

To mitigate CVE-2024-4630, organizations should immediately update the Starter Templates plugin to a version that addresses this vulnerability once released by the vendor. In the absence of an official patch, administrators should restrict contributor-level permissions to trusted users only and audit existing contributor accounts for suspicious activity. Implementing a Web Application Firewall (WAF) with rules to detect and block XSS payloads targeting the plugin's affected functions can provide temporary protection. Additionally, site administrators should enable Content Security Policy (CSP) headers to reduce the impact of injected scripts by restricting script execution sources. Regularly scanning the website for injected scripts or anomalous content is recommended to detect exploitation attempts early. Developers maintaining custom templates should review and sanitize all user inputs rigorously, especially those related to MIME types or file uploads. Monitoring logs for unusual contributor activity and educating users about the risks of XSS can further reduce exploitation chances. Finally, consider isolating critical administrative functions and limiting the number of users with contributor or higher privileges to minimize risk.