CVE-2024-2239 in Premium Addons Pro Plugin
Summary
by MITRE • 03/13/2024
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Premium Magic Scroll module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 04/13/2026
The vulnerability identified as CVE-2024-2239 affects the Premium Addons PRO plugin for WordPress, specifically within the Premium Magic Scroll module. This represents a critical security flaw that allows authenticated attackers with contributor-level privileges or higher to execute stored cross-site scripting attacks. The issue stems from inadequate input sanitization and output escaping mechanisms within the plugin's codebase, creating a persistent vector for malicious script injection that can compromise user sessions and execute unauthorized code on affected websites.
The technical nature of this vulnerability places it squarely within the scope of CWE-79, which defines Cross-Site Scripting (XSS) as a common web application security weakness. The flaw manifests as a stored XSS vulnerability because the malicious scripts are permanently stored on the server and executed whenever users access the compromised pages. This differs from reflected XSS where scripts are injected through malicious URLs, making stored XSS particularly dangerous as it can affect multiple users over extended periods. The vulnerability affects all versions of the plugin up to and including 2.9.12, indicating a widespread exposure across multiple releases.
From an operational perspective, this vulnerability creates significant risk for WordPress websites utilizing the Premium Addons PRO plugin. Attackers with contributor-level access can inject malicious scripts that execute in the context of other users' browsers, potentially leading to session hijacking, credential theft, or redirection to malicious sites. The impact extends beyond immediate script execution as these attacks can be used to escalate privileges, modify content, or establish persistent backdoors within the compromised website. The fact that this affects users with contributor-level access means that even relatively low-privilege accounts can pose substantial threats to website security.
The attack vector requires minimal privileges, making this vulnerability particularly concerning for WordPress installations where multiple users have contributor-level access or higher. The exploitation process involves injecting malicious scripts through the Premium Magic Scroll module interface, which are then stored and executed whenever users access affected pages. This persistent nature of the vulnerability means that once exploited, the malicious code can continue to affect users until the plugin is updated or the injected scripts are manually removed. Organizations should consider this vulnerability in the context of ATT&CK technique T1566.001, which covers phishing with malicious attachments, as attackers could leverage this vulnerability to deliver malicious payloads through compromised website content.
Mitigation strategies should prioritize immediate plugin updates to versions that address this vulnerability, as the developers have likely released patches to resolve the input sanitization and output escaping issues. Additionally, implementing proper access controls and privilege management can help reduce the attack surface by limiting contributor-level access to only essential users. Network monitoring and web application firewalls can provide additional detection capabilities for suspicious script injection attempts. Regular security audits of installed plugins and themes should be conducted to identify other potential vulnerabilities, while user education regarding the risks of granting excessive privileges can help prevent exploitation through social engineering approaches. Organizations should also consider implementing content security policies and regular security scanning to detect and remediate similar vulnerabilities before they can be exploited.