WordPress, a leading content management system, is widely used for creating websites due to its flexibility and extensive plugin ecosystem. However, the same extensibility that makes WordPress powerful also introduces potential security risks. One such critical vulnerability, CVE-2024-0756, has been discovered in the “Insert or Embed Articulate Content” plugin. This vulnerability enables attackers to execute stored cross-site scripting (XSS) and iframe injection attacks, compromising user accounts and site integrity. This article explores the discovery, exploitation, and potential impact of CVE-2024-0756, alongside best practices for securing WordPress sites.

PluginInsert or Embed Articulate Content into WordPress <= 4.3000000023
All Time123 500
Active installations3 000+
Publicly PublishedMay 14, 2024
Last UpdatedMay 14, 2024
ResearcherDmtirii Ignatyev
OWASP TOP-10A1: Injection
Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0756
Plugin Security Certification by CleanTalk
Logo of the plugin


January 16, 2024Plugin testing and vulnerability detection in the Insert or Embed Articulate Content into WordPress have been completed
January 16, 2024I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
May 14, 2024Registered CVE-2024-0756

Discovery of the Vulnerability

CVE-2024-0756 was uncovered during security testing of the Insert or Embed Articulate Content into WordPress plugin. This plugin allows users to embed interactive e-learning content into WordPress posts. The vulnerability was identified when it was discovered that an attacker could upload a zip file containing malicious HTML code. Once the zip file is processed by the plugin, the embedded code is executed in the context of the victim’s browser, enabling the attacker to steal session cookies, manipulate content, or perform actions on behalf of the victim.

Understanding of Stored XSS attack’s

Stored XSS is a type of cross-site scripting where malicious scripts are injected into a website’s database and served to users who access the infected page. Unlike reflected XSS, stored XSS can affect multiple users, including administrators. Iframe injection involves embedding a hidden iframe on a page that loads external malicious content.

Real-world examples of stored XSS in WordPress include vulnerabilities where attackers inject scripts into comment fields or post content. These scripts then execute when other users view the compromised content. Iframe injection can be particularly insidious, as it can load phishing pages or malware from remote servers, compromising users who visit the affected page.

Exploiting the Stored XSS Vulnerability

Exploiting CVE-2024-0756 involves the following steps:


1) Go to http://your_site/wordpress/wp-admin/post-new.php and create new Post

2) Add e-Learning widget inside Page and upload a valid zip file with HTML file which contain malicious code inside

3) After uploading publish post

4) Go to malicious page from Admin to check this vuln


The potential impact of CVE-2024-0756 is severe. In a real-world scenario, an attacker could exploit this vulnerability to hijack administrator sessions, leading to full site compromise. They could inject additional malicious scripts, deface the website, or exfiltrate sensitive data. The threat extends to all users who view the compromised content, making it a potent tool for widespread exploitation.

For instance, if an attacker injects a script that sends session cookies to a remote server, they can hijack administrative sessions and gain unauthorized access to the WordPress backend. From there, they can install malicious plugins, alter site content, or lock out legitimate users, causing significant damage and requiring extensive remediation efforts.

Recommendations for Improved Security

To mitigate the risks associated with CVE-2024-0756 and similar vulnerabilities, WordPress administrators should adopt the following security measures:

  1. Restrict Upload Capabilities: Limit file upload permissions to trusted users and thoroughly validate all uploaded content.
  2. Regular Security Audits: Conduct periodic security reviews of plugins and themes, focusing on those that handle user input or file uploads.
  3. Sanitize User Input: Ensure that all user inputs are properly sanitized and validated to prevent injection attacks.
  4. Use Security Plugins: Implement security plugins that provide additional layers of protection, such as Web Application Firewalls (WAFs) and real-time monitoring.
  5. Educate Users: Train users, especially those with author or higher privileges, on the importance of security best practices and recognizing potential threats.

By taking proactive measures to address Stored XSS / Iframe Injection vulnerabilities like CVE-2024-0756, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

#WordPressSecurity #RCE #WebsiteSafety #StayProtected #VeryHighVulnerability

Use CleanTalk solutions to improve the security of your website


Create your CleanTalk account

By signing up, you agree with license. Have an account? Log in.
CVE-2024-0756 – Insert or Embed Articulate Content into WordPress – Stored XSS/ Iframe Injection – POC

Leave a Reply

Your email address will not be published. Required fields are marked *