CVE-2024-0852 in coreActivity Plugininfo

Summary

by MITRE • 05/16/2025

The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated users to perform Stored XSS attack against high privilege users such as admin

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 06/12/2025

The vulnerability identified as CVE-2024-0852 affects the coreActivity: Activity Logging WordPress plugin version 1.8.0 and earlier, representing a critical security flaw that enables stored cross-site scripting attacks. This issue arises from insufficient output escaping mechanisms within the plugin's admin dashboard interface, creating a persistent security risk that can compromise high-privilege users including administrators. The vulnerability stems from the plugin's failure to properly sanitize user-supplied input data before rendering it in the administrative interface, which directly violates fundamental web application security principles.

The technical implementation of this vulnerability occurs when unauthenticated users can submit malicious payloads through request parameters that are subsequently stored and displayed within the admin dashboard without proper HTML escaping. This creates a stored XSS scenario where the malicious code executes in the context of the victim's browser when they view the affected administrative interface. The flaw specifically impacts the plugin's activity logging functionality where user input is processed and displayed in dashboard elements, making it particularly dangerous as it can affect any user who views the compromised administrative interface. This vulnerability aligns with CWE-79 which categorizes cross-site scripting flaws as weaknesses in input validation and output escaping mechanisms.

The operational impact of CVE-2024-0852 is severe and potentially devastating for WordPress installations using the affected plugin. High-privilege administrators who regularly access the activity logging dashboard become targets for persistent XSS attacks that can lead to complete administrative compromise. Attackers can execute malicious scripts that may steal session cookies, redirect users to phishing sites, modify administrative settings, or extract sensitive data from the WordPress environment. The stored nature of this vulnerability means that once exploited, the malicious payloads persist until manually removed from the plugin's logging data, potentially affecting multiple administrators over extended periods. This vulnerability also aligns with ATT&CK technique T1566.001 which covers the use of malicious content in web applications to gain initial access or maintain persistence.

Mitigation strategies for this vulnerability require immediate action including upgrading to plugin version 1.8.1 or later where the output escaping has been properly implemented. System administrators should also implement additional security measures such as monitoring for unusual activity patterns in the plugin's logging data and conducting regular security audits of installed plugins. The WordPress security team recommends that all users immediately update their installations to prevent exploitation, as no known workarounds exist for this specific vulnerability. Organizations should also consider implementing web application firewalls and content security policies to provide additional layers of protection against similar attacks, particularly in environments where immediate patching may not be feasible. The vulnerability demonstrates the critical importance of proper input validation and output escaping in web applications, reinforcing industry best practices that align with both OWASP Top 10 and NIST cybersecurity guidelines.

Reservation

01/24/2024

Disclosure

05/16/2025

Moderation

accepted

CPE

ready

EPSS

0.00577

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!