WordPress is one of the most popular content management systems, powering millions of websites worldwide. Plugins enhance its functionality but can also introduce security vulnerabilities. One such case is the Prisna GWT plugin, which allows automatic translation using Google’s services. A stored cross-site scripting (XSS) vulnerability (CVE-2024-12679) has been identified in this plugin, posing a risk to website security. This article explores the discovery, exploitation, and mitigation of this vulnerability.
CVE | CVE-2024-12679 |
Plugin | Prisna GWT < 1.4.14 |
Critical | High |
All Time | 327 638 |
Active installations | 10 000+ |
Publicly Published | March 17, 2025 |
Last Updated | March 17, 2025 |
Researcher | Artyom Krugov |
OWASP TOP-10 | A7: Cross-Site Scripting (XSS) |
PoC | Yes |
Exploit | No |
Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12679 https://wpscan.com/vulnerability/7ca1438f-4269-4e34-be4a-766276a9f016/ |
Timeline
November 17, 2024 | Plugin testing and vulnerability detection in the Prisna GWT have been completed |
November 17, 2024 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
March 17, 2025 | Registered CVE-2024-12679 |
Discovery of the Vulnerability
Security researchers identified a stored XSS vulnerability in the Prisna GWT plugin, specifically in the “Exclude selector (jQuery)” field under the Advanced tab of the plugin’s settings panel. By injecting a malicious script, attackers could execute JavaScript in the browser of an unsuspecting user, leading to session hijacking, phishing, or defacement attacks.
Understanding XSS attacks
Stored XSS occurs when user-supplied input is stored in the database and later executed in the browser of users viewing the affected page. Unlike reflected XSS, which requires a victim to click on a malicious link, stored XSS does not require user interaction, making it more dangerous.
Consider an administrator who configures the Prisna GWT plugin with the aforementioned payload. Every visitor who loads a translated page may execute the injected script unknowingly, allowing an attacker to steal authentication cookies or redirect users to malicious sites.
Exploiting the XSS Vulnerability
To reproduce the vulnerability, the following steps can be taken:
POC:
1) Navigate to the WordPress admin panel.
2) Access the Plugins section and select "Prisna GWT".
3) Open the Advanced tab in the settings panel.
4) Insert the following malicious payload into the "Exclude selector (jQuery)" field
5) Save the settings and trigger the payload by visiting a translated page.
____
Recommendations for Improved Security
To mitigate this vulnerability, users and developers should take the following steps:
- Update to the latest version: Ensure that you are using a patched version of the Prisna GWT plugin.
- Sanitize Inputs: Avoid using untrusted input in plugin settings fields.
- Implement a Web Application Firewall (WAF): Solutions like Wordfence can help block XSS payloads.
To prevent this type of attack, the vendor used our methods of prevention.
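One way a plugin developer can handle a selector-type setting so that it cannot become stored XSS, shown as an added example: this is not the Prisna GWT code or the vendor's actual patch. The option name, function names and script handle are hypothetical, and it assumes the saved value is passed to front-end JavaScript.

```php
<?php
// Added illustration: option name, function names and script handle are
// hypothetical and are not taken from Prisna GWT.

// Validate on save: accept only characters a CSS/jQuery selector needs.
// "<", "&", "/", ";" and backslash are never valid here, so the value
// cannot open or close a tag or a <script> block.
function example_sanitize_selector( $value ) {
    $value = trim( (string) $value );
    if ( strlen( $value ) > 500 ) {
        return '';
    }
    if ( ! preg_match( '/^[A-Za-z0-9_\-\s.#,>+~*:()\[\]="\'^$|]*$/', $value ) ) {
        return ''; // Reject the whole value instead of trying to repair it.
    }
    return $value;
}

add_action( 'admin_init', function () {
    register_setting( 'example_translate_group', 'example_exclude_selector', array(
        'type'              => 'string',
        'sanitize_callback' => 'example_sanitize_selector',
        'default'           => '',
    ) );
} );

// Escape on output, context 1: HTML attribute in the settings form.
function example_render_selector_field() {
    printf(
        '<input type="text" name="example_exclude_selector" value="%s" class="regular-text" />',
        esc_attr( get_option( 'example_exclude_selector', '' ) )
    );
}

// Escape on output, context 2: inline JavaScript on the public page.
// The stored value is re-validated, then JSON-encoded with the HEX flags so
// quotes, "<", ">" and "&" are emitted as \uXXXX escapes inside the script.
add_action( 'wp_enqueue_scripts', function () {
    $selector = example_sanitize_selector( get_option( 'example_exclude_selector', '' ) );
    $json     = wp_json_encode(
        array( 'excludeSelector' => $selector ),
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
    wp_register_script( 'example-translate', false, array(), '1.0', true );
    wp_enqueue_script( 'example-translate' );
    wp_add_inline_script( 'example-translate', 'window.exampleTranslateConfig = ' . $json . ';', 'before' );
} );
```

Re-validating at output time also covers values that were written to the database before the save-time check existed.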
By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-13616, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
Artyom k.