CVE-2024-13352 in Legull Plugin

Summary

by MITRE • 02/07/2025

The Legull WordPress plugin through 1.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.


Analysis

by VulDB Data Team • 01/10/2026

The vulnerability identified as CVE-2024-13352 affects the Legull WordPress plugin version 1.2.2 and earlier, presenting a critical reflected cross-site scripting flaw that poses significant risks to administrative users. This vulnerability stems from inadequate input sanitization and output escaping mechanisms within the plugin's codebase, creating an exploitable condition where malicious payloads can be injected and executed in the context of a victim's browser session.

The technical flaw manifests when the plugin fails to properly sanitize a parameter before incorporating it into the HTTP response sent back to users. This oversight allows an attacker to craft malicious URLs containing script code that gets reflected back to the user's browser when the page is rendered. The vulnerability specifically targets high-privilege users such as administrators, making it particularly dangerous since successful exploitation could lead to complete compromise of the WordPress installation. The reflected nature of the XSS means that the malicious script is not stored on the server but rather injected through the web application's input handling, making it difficult to detect and prevent through traditional server-side security measures.

The operational impact of this vulnerability extends beyond simple script execution, as it gives attackers the capability to perform actions on behalf of authenticated users. When an administrator clicks a malicious link or visits a compromised page, the injected script executes in their browser context, potentially allowing attackers to steal session cookies, modify content, redirect users to malicious sites, or perform administrative actions. This threat vector is particularly concerning because it leverages the trust relationship between the user and the WordPress admin interface, making social engineering attacks more effective. The vulnerability is classified under CWE-79, which covers Cross-Site Scripting flaws, and it maps to ATT&CK technique T1566.001 (spearphishing link) for the initial access phase.

Mitigation strategies should focus on immediate patching of the affected plugin to version 1.2.3 or later, which presumably includes proper input sanitization and output escaping. Administrators should also implement additional security measures such as Content Security Policy headers to limit script execution, monitor access logs for suspicious activity, and conduct regular security audits of installed plugins. Network-level protections such as web application firewalls can provide a further layer of defense, but they should not replace proper code-level fixes. Users should be educated about the risks of clicking suspicious links and the importance of keeping software updated; this vulnerability demonstrates how critical timely patch management is in preventing exploitation of known security flaws.
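The defect class described above and the code-level fix the analysis calls for, as an added example that is neither the Legull plugin's code nor VulDB's: a request parameter written back into the page unescaped, beside the hardened form, an input normalisation step, and a Content-Security-Policy header as a second layer. It is plain PHP so that it runs without WordPress; the parameter name `q`, the surrounding markup, and the CSP source list are assumptions (the page does not name the affected parameter).

```php
<?php
// Added illustration, not the Legull plugin's own code. It shows the defect
// class behind CVE-2024-13352 (a request parameter written back into the page
// without escaping) beside the hardened form, plus a CSP header as a second
// layer. The parameter name "q" and the surrounding markup are assumptions;
// the page does not name the affected parameter.

// Defence in depth: a restrictive Content-Security-Policy stops inline script
// from executing even where escaping is missed. Adjust the sources to what the
// site actually loads before deploying. Sent before any output so the header
// can still go out; skipped under the CLI, where headers are meaningless.
function csp_header_value(): string
{
    return "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'";
}
if (PHP_SAPI !== 'cli' && !headers_sent()) {
    header('Content-Security-Policy: ' . csp_header_value());
}

// Vulnerable pattern: the raw value lands in the HTML unchanged, so a value
// containing a quote or '<' closes the attribute and the browser renders
// whatever markup follows as part of the page.
function render_vulnerable(string $q): string
{
    return '<input type="text" name="q" value="' . $q . '">'
         . '<p>Results for ' . $q . '</p>';
}

// Output escaping for an HTML text node or a quoted attribute value. Inside a
// WordPress plugin the equivalents are esc_html() and esc_attr(); plain
// htmlspecialchars() is used here so the file runs without WordPress. The
// encoding is applied at output time because it depends on where the value
// is written, not on where it came from.
function esc_html_ctx(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened pattern: the same template with the value encoded for each context
// it is written into. The attribute must also be quoted; escaping an unquoted
// attribute value is not sufficient.
function render_hardened(string $q): string
{
    return '<input type="text" name="q" value="' . esc_html_ctx($q) . '">'
         . '<p>Results for ' . esc_html_ctx($q) . '</p>';
}

// Input normalisation on the way in (WordPress: sanitize_text_field() after
// wp_unslash()). This narrows what reaches the template but does not replace
// output escaping: a value can be harmless as text and still dangerous as markup.
function normalise_param(array $request, string $name): string
{
    $value = $request[$name] ?? '';
    if (!is_string($value)) {
        return '';
    }
    // Drop control characters and surrounding whitespace.
    return trim((string) preg_replace('/[\x00-\x1F\x7F]/', '', $value));
}

// Constructed sample standing in for $_GET['q'] on a request to the affected
// page: it closes the value attribute and starts new markup.
$sample = '"><b>injected</b>';
$request = ['q' => $sample];

// In the first line the injected element survives as live markup; in the
// second it is rendered as inert text inside the attribute and the paragraph.
echo 'vulnerable: ', render_vulnerable($sample), PHP_EOL;
echo 'hardened:   ', render_hardened(normalise_param($request, 'q')), PHP_EOL;
```

Run it with `php example.php` and compare the two lines. The point the analysis makes is that escaping belongs at the output site, chosen for the context the value lands in; the normalisation step and the CSP header reduce exposure but neither one removes the need to escape.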

Responsible

WPScan

Reservation

01/13/2025

Disclosure

02/07/2025

Moderation

accepted

CPE

ready

EPSS

0.00540

KEV

no

Activities

very low

Sources
