CVE-2024-5218 is a stored Cross-Site Scripting (XSS) vulnerability classified under CWE-80, found in the Reviews and Rating – Google Reviews plugin for WordPress developed by designextreme. This vulnerability affects all plugin versions up to and including 5.2. The root cause is insufficient sanitization of user input and inadequate escaping of output in the plugin's file upload feature. Authenticated users with at least Author-level privileges can upload files containing malicious scripts that are stored persistently and executed in the context of any user who accesses the affected page. This persistent XSS can lead to unauthorized actions such as session hijacking, defacement, or distribution of malware. The vulnerability has a CVSS 3.1 base score of 6.4, reflecting a network attack vector, low attack complexity, privileges required at the Author level, no user interaction needed, and a scope change due to the potential impact on other users. Although no active exploits have been reported, the vulnerability poses a significant risk to WordPress sites using this plugin, especially those with multiple users and public-facing content. The lack of available patches at the time of disclosure necessitates immediate mitigation steps to reduce exposure.

The impact of CVE-2024-5218 is primarily on the confidentiality and integrity of affected WordPress sites. Successful exploitation allows an attacker with Author-level access to inject malicious scripts that execute in the browsers of other users visiting the compromised pages. This can lead to session hijacking, theft of sensitive information such as cookies or credentials, unauthorized actions performed on behalf of users, and potential site defacement. While availability is not directly affected, the reputational damage and potential data breaches can be severe. Organizations relying on this plugin, especially those with multiple contributors or public user interactions, face increased risk of compromise. The vulnerability could be leveraged in targeted attacks against high-value websites or used as a foothold for further exploitation within an organization's network. Since exploitation requires authenticated access, the threat is mitigated somewhat by access controls but remains significant in environments with many users or weak account management.

To mitigate CVE-2024-5218, organizations should first check for and apply any official patches or updates from the plugin vendor once available. In the absence of patches, administrators should restrict Author-level and higher privileges to trusted users only, minimizing the risk of malicious uploads. Implementing Web Application Firewalls (WAFs) with rules to detect and block suspicious script payloads in file uploads can provide an additional layer of defense. Site administrators should also audit existing uploaded files for malicious content and remove any suspicious entries. Employing Content Security Policy (CSP) headers can help limit the impact of injected scripts by restricting the sources from which scripts can be executed. Regular security scanning and monitoring for unusual activity related to the plugin's pages are recommended. Finally, consider disabling or replacing the vulnerable plugin with a more secure alternative if immediate patching is not feasible.