CVE-2024-6797: CWE-79 Cross-Site Scripting (XSS) in Unknown DL Robots.txt

Medium
Tags: Vulnerability, CVE-2024-6797, cve, cwe-79
Published: Thu May 15 2025 (05/15/2025, 20:07:10 UTC)
Source: CVE
Vendor/Project: Unknown
Product: DL Robots.txt

Description

The DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

AI-Powered Analysis

Last updated: 07/04/2025, 08:10:00 UTC

Technical Analysis

CVE-2024-6797 is a medium-severity vulnerability affecting the DL Robots.txt WordPress plugin up to version 1.2. The vulnerability is a Stored Cross-Site Scripting (XSS) issue classified under CWE-79. It arises because the plugin fails to properly sanitize and escape certain settings, allowing high-privilege users, such as administrators, to inject malicious scripts. Notably, this vulnerability can be exploited even when the WordPress unfiltered_html capability is disabled, such as in multisite environments, where that capability is typically withheld from administrators precisely to stop them from adding raw HTML. The attack vector requires the attacker to have high privileges (admin) and some user interaction, as the CVSS vector indicates (AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N). The vulnerability impacts confidentiality and integrity by enabling script injection that could hijack sessions, steal cookies, or perform actions on behalf of other users. The scope is changed (S:C), meaning the vulnerability can affect resources beyond the initially vulnerable component, potentially impacting other sites in a multisite setup. There are no known exploits in the wild, and no patches have been linked yet. The CVSS score of 4.8 reflects a medium severity level, balancing the high privileges required against the potential impact of exploitation.
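The pattern behind this class of bug, as an added illustration that is not the DL Robots.txt plugin's own code: a hypothetical settings option (`example_robots_txt`, a made-up name) is stored and echoed raw in the first version, and registered with a sanitize callback plus context-aware output escaping in the hardened version. WordPress only applies its kses filtering (the mechanism behind unfiltered_html) to post and comment content, so a plugin option written this way bypasses the capability check entirely.

```php
<?php
// Added example, not code from the DL Robots.txt plugin. Option and setting
// names are hypothetical. Nonce and capability checks are assumed to have run.

// Vulnerable pattern: the admin-supplied value is saved and printed back
// without sanitisation or escaping. Nothing here consults unfiltered_html,
// because kses filtering only wraps post/comment content, not options.
function insecure_save_setting() {
    update_option( 'example_robots_txt', wp_unslash( $_POST['example_robots_txt'] ) );
}

function insecure_render_setting() {
    echo '<textarea name="example_robots_txt">'
        . get_option( 'example_robots_txt' )   // stored markup executes in every admin's browser
        . '</textarea>';
}

// Hardened pattern: register the option through the Settings API with a
// sanitize_callback, so every write is cleaned regardless of who performs it,
// and escape on output for the exact HTML context the value lands in.
function secure_register_setting() {
    register_setting(
        'example_options',
        'example_robots_txt',
        array(
            'type'              => 'string',
            'sanitize_callback' => 'example_sanitize_robots_txt',
            'default'           => '',
        )
    );
}

function example_sanitize_robots_txt( $value ) {
    // robots.txt is plain text with line breaks: strip tags and control
    // characters but keep newlines. Do not make this conditional on the
    // caller's unfiltered_html capability.
    return sanitize_textarea_field( (string) $value );
}

function secure_render_setting() {
    // esc_textarea() is the correct escaper for a <textarea> body; use
    // esc_attr() for attribute values and esc_html() for element text.
    echo '<textarea name="example_robots_txt">'
        . esc_textarea( get_option( 'example_robots_txt', '' ) )
        . '</textarea>';
}

add_action( 'admin_init', 'secure_register_setting' );
```

The sanitize callback runs on every save through `options.php`, so a value that already carries script tags from an earlier unpatched write is also cleaned the next time the settings form is submitted.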

Potential Impact

For European organizations using WordPress multisite installations with the DL Robots.txt plugin, this vulnerability poses a risk of privilege escalation and persistent XSS attacks. An attacker with admin access could inject malicious scripts that execute in the context of other users, potentially leading to session hijacking, credential theft, or unauthorized actions within the WordPress environment. This could compromise the confidentiality and integrity of sensitive data managed through the CMS. Given the multisite context, the vulnerability could affect multiple sites managed under a single WordPress instance, amplifying the impact. Organizations in sectors with strict data protection regulations, such as finance, healthcare, and government, could face compliance risks if such an attack leads to data breaches. Although exploitation requires admin privileges and user interaction, insider threats or compromised admin accounts could leverage this vulnerability to escalate attacks. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers often target WordPress plugins due to their widespread use in Europe.

Mitigation Recommendations

European organizations should immediately audit their WordPress installations to identify the presence of the DL Robots.txt plugin, especially in multisite environments. Until an official patch is released, administrators should restrict plugin installation and updates to trusted personnel only and consider disabling or removing the plugin if it is not essential. Implementing strict access controls and monitoring admin account activities can help detect and prevent misuse. Employing Web Application Firewalls (WAFs) with custom rules to detect and block suspicious script injections related to this plugin can provide additional protection. Regularly updating WordPress core and all plugins is critical once a patch becomes available. Additionally, organizations should educate administrators about the risks of stored XSS and the importance of validating and sanitizing input, even from trusted users. Conducting security reviews and penetration testing focused on multisite configurations can help identify similar vulnerabilities proactively.

Technical Details

Data Version: 5.1
Assigner Short Name: WPScan
Date Reserved: 2024-07-16T18:50:32.651Z
CISA Enriched: false
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0fa1484d88663aec278

Added to database: 5/20/2025, 6:59:06 PM

Last enriched: 7/4/2025, 8:10:00 AM

Last updated: 7/31/2025, 2:59:16 PM

Views: 15
