CVE-2024-6767 identifies a stored cross-site scripting vulnerability in the WordSurvey plugin for WordPress, specifically affecting all versions up to and including 3.2. The root cause is improper neutralization of input during web page generation, classified under CWE-79. The vulnerability exists in the 'sounding_title' parameter, which lacks adequate input sanitization and output escaping, allowing malicious scripts to be stored persistently in the plugin's data. This flaw is exploitable only by authenticated users with administrator-level access, limiting the attack surface but increasing the risk if credentials are compromised. The vulnerability specifically impacts WordPress multi-site installations or those where the 'unfiltered_html' capability is disabled, as these configurations restrict direct HTML input, making the plugin's sanitization critical. When exploited, the injected scripts execute in the context of any user visiting the affected pages, potentially enabling session hijacking, privilege escalation, or other malicious actions. The CVSS 3.1 base score is 5.5, reflecting network attack vector, low attack complexity, high privileges required, no user interaction, and partial confidentiality and integrity impact. No public exploits have been reported yet, but the vulnerability's presence in a widely used plugin and its stored nature make it a significant concern for affected environments. No official patches are linked yet, so mitigation relies on configuration changes or disabling the plugin until fixes are available.

The primary impact of CVE-2024-6767 is the potential for persistent cross-site scripting attacks within WordPress multi-site environments using the WordSurvey plugin. Successful exploitation can lead to theft of authentication cookies, enabling session hijacking and unauthorized access. Attackers could also perform actions on behalf of legitimate users, potentially escalating privileges or defacing content. Since the vulnerability requires administrator-level access, the risk is somewhat contained; however, if an attacker gains such access through other means (e.g., credential compromise), this vulnerability can be leveraged to maintain persistence and expand control. The multi-site context increases the scope, as injected scripts may affect multiple sites and users. The confidentiality and integrity of user data and site content are at risk, though availability is not directly impacted. Organizations relying on WordSurvey in multi-site setups face increased risk of targeted attacks, especially if they have sensitive user bases or high-value content. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as exploit code could emerge.

To mitigate CVE-2024-6767, organizations should first verify if they operate WordPress multi-site installations with the WordSurvey plugin version 3.2 or earlier. Immediate steps include disabling the WordSurvey plugin until a security patch is released. Administrators should audit user privileges to ensure only trusted personnel have administrator access, reducing the risk of insider threats or credential misuse. Implementing strict monitoring and logging of administrative actions can help detect suspicious activity early. If disabling the plugin is not feasible, consider restricting access to affected pages via web application firewalls (WAF) with custom rules to block suspicious input patterns targeting the 'sounding_title' parameter. Additionally, enabling Content Security Policy (CSP) headers can help mitigate the impact of injected scripts by restricting script execution sources. Regularly update WordPress core and plugins once patches become available. Finally, educate administrators on secure credential management and encourage the use of multi-factor authentication to reduce the risk of compromised admin accounts.