CVE-2024-29799 in WP Fast Total Search Plugin
Summary
by MITRE • 03/27/2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Epsiloncool WP Fast Total Search allows Stored XSS.This issue affects WP Fast Total Search: from n/a through 1.59.211.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 04/12/2025
The vulnerability identified as CVE-2024-29799 represents a critical cross-site scripting weakness in the Epsiloncool WP Fast Total Search plugin for WordPress environments. This stored XSS vulnerability arises from inadequate input sanitization during the web page generation process, allowing malicious actors to inject malicious scripts that persist in the application's database and execute against unsuspecting users. The flaw specifically impacts versions of the plugin ranging from the initial release through 1.59.211, creating a substantial attack surface for potential exploitation.
The technical implementation of this vulnerability stems from the plugin's failure to properly neutralize user-supplied input before rendering it within web pages. When users submit search queries or other input through the plugin's interface, the application does not adequately sanitize these inputs, creating opportunities for attackers to embed malicious javascript code within the search parameters. This stored nature of the vulnerability means that once malicious input is processed and saved, it will execute every time the affected page is loaded, making it particularly dangerous for administrators and regular users who may encounter the malicious content during normal operation.
The operational impact of this vulnerability extends beyond simple script execution, as it provides attackers with the ability to perform various malicious activities including session hijacking, credential theft, and data exfiltration from authenticated users. The vulnerability aligns with CWE-79 which specifically addresses cross-site scripting flaws in web applications, and maps to ATT&CK technique T1566.001 for credential access through social engineering. Attackers could leverage this vulnerability to establish persistent access to compromised WordPress installations, potentially leading to complete system compromise. The stored nature of the XSS attack means that even users who do not directly interact with the malicious content can be affected when the application displays the tainted data, creating a widespread impact across the user base.
Mitigation strategies for this vulnerability should prioritize immediate plugin updates to version 1.59.212 or later, which contains the necessary patches to address the input sanitization issues. System administrators should also implement additional security measures including input validation at multiple layers, regular security scanning of WordPress installations, and monitoring for suspicious activity in search logs. The implementation of Content Security Policy headers can provide additional protection against script execution, while regular security audits of installed plugins should be conducted to identify similar vulnerabilities. Organizations should also consider implementing web application firewalls to detect and block malicious input patterns, and establish incident response procedures to quickly address any exploitation attempts that may occur before patch deployment.