WP Publications WordPress Plugin 1.2 - Stored XSS
AI Analysis
Technical Summary
The WP Publications WordPress Plugin version 1.2 contains a stored Cross-Site Scripting (XSS) vulnerability. Stored XSS occurs when malicious scripts injected by an attacker are permanently stored on the target server, such as within a database, and later served to users without proper sanitization or encoding. In this case, the vulnerability resides in the WP Publications plugin, which is used to manage and display publication content on WordPress sites. An attacker exploiting this flaw can inject malicious JavaScript code that will execute in the browsers of users who view the affected pages. This can lead to session hijacking, credential theft, defacement, or redirection to malicious sites. The exploit code is available and written in Perl, indicating that automated attacks or proof-of-concept scripts exist, potentially lowering the barrier for exploitation. Although the affected versions are not explicitly listed, the vulnerability specifically targets version 1.2 of the plugin. No official patches or updates have been linked, suggesting that users may remain exposed unless they apply manual mitigations or updates from the plugin developer. The absence of a CVSS score requires an independent severity assessment based on the nature of stored XSS vulnerabilities, which typically have medium to high impact depending on the context and user privileges. Stored XSS is more dangerous than reflected XSS because the malicious payload persists and can affect multiple users over time. The exploit does not require authentication or user interaction beyond visiting a compromised page, increasing its risk profile. The presence of exploit code in Perl suggests that attackers can automate injection and exploitation processes, potentially increasing attack volume and speed.
Potential Impact
For European organizations, this stored XSS vulnerability poses significant risks, especially for those relying on WordPress sites with the WP Publications plugin for publishing academic, scientific, or professional content. The exploitation can lead to unauthorized access to user sessions, theft of sensitive information such as login credentials, and potential spread of malware through injected scripts. This can damage organizational reputation, lead to data breaches under GDPR regulations, and cause operational disruptions if attackers deface or manipulate website content. Educational institutions, research organizations, and publishing houses in Europe are particularly vulnerable due to their frequent use of publication management plugins. Furthermore, the lack of patches and the availability of exploit code increase the likelihood of exploitation, potentially affecting a broad user base including site administrators and visitors. The impact extends beyond confidentiality to integrity and availability, as attackers could alter displayed content or cause denial of service by injecting disruptive scripts.
Mitigation Recommendations
European organizations should immediately audit their WordPress installations to identify the presence of the WP Publications plugin version 1.2. If detected, they should disable or remove the plugin until an official patch is released. In the absence of patches, organizations can implement Web Application Firewall (WAF) rules to detect and block common XSS payloads targeting the plugin’s input fields. Additionally, input validation and output encoding should be enforced at the application level to sanitize user inputs and escape outputs properly. Administrators should also monitor web server logs and user reports for signs of suspicious activity or injected scripts. Regular backups of website data and configurations are essential to enable quick recovery in case of compromise. Educating content managers and users about the risks of XSS and safe browsing practices can reduce the impact of social engineering attacks leveraging this vulnerability. Finally, organizations should subscribe to security advisories from the plugin developer and WordPress community to apply updates promptly once available.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Indicators of Compromise
- exploit-code:

# Exploit Title: WP Publications WordPress Plugin 1.2 - Stored XSS
# Google Dork: inurl:/wp-content/plugins/wp-publications/
# Date: 2025-07-15
# Exploit Author: Zeynalxan Quliyev
# Vendor Homepage: https://wordpress.org/plugins/wp-publications/
# Software Link: https://downloads.wordpress.org/plugin/wp-publications.1.2.zip
# Version: <= 1.2
# Tested on: WordPress 6.5.3 / Linux (Apache)
# CVE: CVE-2024-11605

## Vulnerability Details

The WP Publications plugin for WordPress (versions <= 1.2) is vulnerable to a **Stored Cross-Site Scripting (XSS)** attack. The vulnerability exists because the plugin fails to escape filenames before outputting them in the HTML, allowing high-privileged users (such as admins) to inject arbitrary JavaScript code.

This vulnerability is exploitable even in WordPress configurations where the `unfiltered_html` capability is disabled (e.g., multisite setups).

---

## Proof of Concept (PoC)

1. SSH into the server and navigate to the plugin directory:

   ```bash
   cd /var/www/html/wp-content/plugins/wp-publications/
   ```

2. Run the following command to create a malicious BibTeX file:

   ```bash
   touch "<img src=x onerror=alert('XSS')>.bib"
   ```

3. Access the plugin's BibTeX browser via the following URL:

   ```
   https://example.com/wp-content/plugins/wp-publications/bibtexbrowser.php?frameset&bib=
   ```

4. The injected JavaScript will be executed, triggering the XSS payload:

   ```javascript
   alert('XSS');
   ```

---

## Impact

* Stored XSS (JavaScript) is executed in the context of the admin panel.
* Bypasses `unfiltered_html` protection in multisite environments.
* Can be used for privilege escalation, cookie theft, or injecting malicious content.

---

## Recommendation

Update to a version of the plugin that properly escapes file names before rendering them in the output. If no update is available, disable the plugin or sanitize file inputs manually.

---

## References

* [CVE-2024-11605 on NVD](https://nvd.nist.gov/vuln/detail/CVE-2024-11605)
* [WP Plugin Page](https://wordpress.org/plugins/wp-publications/)
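An audit for the condition the advisory describes, as an added example that is not part of the advisory or the plugin: it finds `.bib` files whose names contain HTML metacharacters and prints them in the escaped form a listing page should emit. The function names are hypothetical, and the directory to scan is passed as an argument.

```sh
#!/bin/sh
# Added example, not from the advisory or the plugin. Function names are
# hypothetical; pass the directory that holds the site's .bib files.

# Run find over DIR for .bib files whose name contains < > " ' or &.
# These are legal in a file name but become markup when the name is
# written into HTML without escaping. Extra arguments choose the action.
find_unsafe_bib() {
    dir=$1
    shift
    find "$dir" -type f -name '*.bib' \
        \( -name '*<*' -o -name '*>*' -o -name '*"*' \
           -o -name "*'*" -o -name '*&*' \) "$@"
}

# Print the matching paths, one per line.
list_unsafe_bib() {
    find_unsafe_bib "$1" -print
}

# Print how many files match. One byte is emitted per file, so a name
# that contains a newline is still counted once.
count_unsafe_bib() {
    find_unsafe_bib "$1" -exec printf x \; | wc -c | tr -d ' '
}

# Escape the five HTML metacharacters on stdin ('&' first so the
# entities produced by the later rules are not escaped again).
html_escape() {
    sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
        -e 's/"/\&quot;/g' -e "s/'/\&#39;/g"
}

# With a directory argument: report findings in escaped form and exit 1
# if any were found, so the check can run from cron or a deploy script.
if [ "$#" -gt 0 ]; then
    n=$(count_unsafe_bib "$1")
    list_unsafe_bib "$1" | html_escape
    echo "$n suspicious .bib file name(s) under $1"
    [ "$n" -eq 0 ] || exit 1
fi
```

The report is escaped on purpose: pasting raw findings into an HTML ticket or dashboard would repeat the same output-encoding mistake.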
Technical Details
- Edb Id: 52368
- Has Exploit Code: true
- Code Language: perl
Threat ID: 687816daa83201eaacdebc74
Added to database: 7/16/2025, 9:17:14 PM
Last enriched: 8/11/2025, 1:20:57 AM
Last updated: 8/15/2025, 8:29:38 AM