CVE-2024-5668 is a medium-severity DOM-based stored Cross-Site Scripting vulnerability identified in the Lightbox & Modal Popup WordPress Plugin – FooBox, maintained by bradvin. The vulnerability affects all plugin versions up to and including 2.7.28. It stems from improper neutralization of input during web page generation (CWE-79), specifically due to insufficient sanitization and output escaping of HTML data attributes that are user-supplied. Authenticated attackers with contributor-level access or higher can exploit this flaw by injecting arbitrary JavaScript code into pages via these data attributes. Because the malicious script is stored and executed in the browser of any user who visits the infected page, the attack can lead to session hijacking, unauthorized actions on behalf of users, or theft of sensitive information. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) indicates network exploitability with low attack complexity, requiring privileges but no user interaction, and a scope change due to the potential impact on other users. Although no known exploits are currently in the wild, the vulnerability poses a significant risk given the plugin's usage in WordPress environments. The lack of a patch at the time of disclosure necessitates immediate mitigation steps to prevent exploitation.

The impact of CVE-2024-5668 is primarily on confidentiality and integrity, as attackers can execute arbitrary scripts in the context of other users, potentially stealing session cookies, performing actions on behalf of victims, or defacing content. The vulnerability does not affect availability directly but can lead to reputational damage and loss of user trust. Since exploitation requires contributor-level access, the risk is elevated in environments with weak access controls or compromised user accounts. The scope of affected systems is broad due to the widespread deployment of WordPress and the popularity of the FooBox plugin. Organizations running WordPress sites with this plugin are at risk of targeted attacks, especially those with multiple contributors or less stringent user management. The vulnerability's network exploitability and lack of user interaction requirement increase the likelihood of automated or semi-automated exploitation once a public exploit emerges.

1. Monitor for and apply official patches or updates from the plugin developer as soon as they become available. 2. In the absence of a patch, implement manual input validation and output escaping for all user-supplied HTML data attributes within the plugin code or via custom filters/hooks in WordPress. 3. Restrict contributor-level and higher privileges to trusted users only, minimizing the number of accounts that can inject content. 4. Conduct regular audits of user roles and permissions to detect and remove unnecessary elevated access. 5. Employ Web Application Firewalls (WAFs) with rules targeting suspicious script injection patterns in HTML attributes. 6. Educate content contributors about the risks of injecting untrusted content and enforce content submission guidelines. 7. Monitor website logs and user activity for unusual behavior indicative of exploitation attempts. 8. Consider disabling or replacing the FooBox plugin with alternatives that have a better security track record until a fix is released.