CVE-2024-54442 identifies a stored Cross-site Scripting (XSS) vulnerability in the Better WP Login Page plugin developed by cortesfrau, affecting all versions up to 1.1.2. The vulnerability stems from improper neutralization of user-supplied input during the generation of web pages, which allows attackers to inject malicious JavaScript code that is stored persistently on the affected WordPress site. When other users or administrators visit the compromised page, the malicious script executes in their browsers within the context of the vulnerable site. This can lead to theft of authentication cookies, session tokens, or other sensitive information, enabling account takeover or further exploitation. The vulnerability does not require prior authentication, increasing its risk. Although no public exploits have been reported yet, the nature of stored XSS makes it a critical concern for websites relying on this plugin. The plugin is commonly used to customize WordPress login pages, and its compromise can undermine site security and user trust. The lack of a CVSS score suggests the need for a manual severity assessment based on impact and exploitability factors.

The impact of CVE-2024-54442 is significant for organizations using the Better WP Login Page plugin on WordPress sites. Successful exploitation can lead to unauthorized access to user accounts, including administrative accounts, through session hijacking or credential theft. This compromises the confidentiality and integrity of the affected websites and their data. Additionally, attackers could deface login pages or redirect users to malicious sites, damaging brand reputation and user trust. The stored nature of the XSS means the malicious payload persists, increasing the risk of repeated exploitation. Organizations with public-facing WordPress sites, especially those handling sensitive user data or providing critical services, face heightened risk. The absence of known exploits in the wild currently reduces immediate threat but does not diminish the urgency for remediation, as attackers often develop exploits rapidly after vulnerability disclosure.

To mitigate CVE-2024-54442, organizations should immediately update the Better WP Login Page plugin to a version that addresses this vulnerability once available. Until a patch is released, administrators should consider disabling or removing the plugin to eliminate exposure. Implementing Web Application Firewalls (WAFs) with rules to detect and block XSS payloads targeting the login page can provide temporary protection. Additionally, applying Content Security Policy (CSP) headers can help restrict the execution of unauthorized scripts. Regularly auditing and sanitizing user inputs and stored content within WordPress can reduce the risk of persistent XSS. Monitoring logs for suspicious activity related to the login page and educating users about phishing and social engineering risks further strengthens defense. Finally, maintaining a robust backup and incident response plan ensures rapid recovery if exploitation occurs.