CVE-2024-5878 is a stored cross-site scripting vulnerability categorized under CWE-79, impacting multiple WordPress plugins that bundle the SimpleLightbox JavaScript library version 2.1.5 developed by aknieriem. The root cause is the improper neutralization of input during web page generation, specifically insufficient sanitization and escaping of user-supplied attributes within the plugin's code. This flaw allows authenticated attackers with contributor-level privileges or higher to inject arbitrary JavaScript payloads into pages. These malicious scripts execute in the context of any user who views the compromised page, potentially leading to session hijacking, privilege escalation, or unauthorized actions within the WordPress environment. The vulnerability affects all versions of the SimpleLightbox library used in these plugins, with no patch links currently available. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) indicates network attack vector, low attack complexity, requiring privileges, no user interaction, and a scope change due to the cross-site scripting impact on confidentiality and integrity. Although no active exploits have been reported, the vulnerability poses a significant risk due to the widespread use of WordPress and the common inclusion of SimpleLightbox in plugins. The vulnerability was published on May 20, 2025, and is tracked by Wordfence and CISA, highlighting its relevance and the need for awareness.

The primary impact of CVE-2024-5878 is the compromise of confidentiality and integrity within affected WordPress sites. An attacker with contributor-level access can inject persistent malicious scripts that execute in the browsers of site visitors or administrators. This can lead to session hijacking, theft of sensitive information such as cookies or credentials, unauthorized actions performed on behalf of users, and potential defacement of web content. Although availability is not directly impacted, the trustworthiness and security posture of the affected websites are undermined. For organizations relying on WordPress for content management, this vulnerability can facilitate lateral movement, privilege escalation, or data leakage, especially in environments where contributor roles are widely assigned. The scope of affected systems is broad due to the popularity of WordPress and the frequent use of SimpleLightbox in plugins, increasing the potential attack surface globally.

To mitigate CVE-2024-5878, organizations should first identify all WordPress plugins that bundle the vulnerable SimpleLightbox 2.1.5 library. Since no official patches are currently linked, administrators should consider the following specific actions: 1) Temporarily restrict contributor-level user privileges to prevent script injection until a patch is available. 2) Implement a Web Application Firewall (WAF) with custom rules to detect and block suspicious script injection patterns targeting SimpleLightbox attributes. 3) Employ Content Security Policy (CSP) headers to restrict execution of unauthorized scripts on affected pages. 4) Conduct thorough input validation and output encoding on any user-generated content before it is rendered, possibly via custom plugin modifications or filters. 5) Monitor logs and user activity for signs of exploitation attempts or unusual behavior. 6) Stay updated with vendor advisories for official patches or updates to the SimpleLightbox library and apply them promptly once released. 7) Educate content contributors about the risks of uploading or embedding potentially malicious content. These targeted mitigations go beyond generic advice by focusing on privilege management, WAF tuning, and CSP deployment specific to this vulnerability.