CVE-2024-34375 in Sheets to WP Table Live Sync Plugininfo

Summary

by MITRE • 05/06/2024

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPPOOL Sheets To WP Table Live Sync allows Stored XSS.This issue affects Sheets To WP Table Live Sync: from n/a through 3.7.0.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 03/31/2025

The vulnerability identified as CVE-2024-34375 represents a critical cross-site scripting weakness within the WPPOOL Sheets To WP Table Live Sync plugin, specifically impacting versions ranging from the initial release through 3.7.0. This stored XSS vulnerability emerges during the web page generation process when user input is inadequately sanitized or neutralized before being rendered in web interfaces. The flaw allows attackers to inject malicious scripts that persist in the application's database and execute whenever affected pages are loaded, creating a persistent threat vector that can compromise user sessions and data integrity.

The technical implementation of this vulnerability stems from insufficient input validation and output encoding mechanisms within the plugin's data handling processes. When users interact with the plugin's interface to configure table settings or input data from Google Sheets, the system fails to properly sanitize the data before storing it in the WordPress database. This stored data is then subsequently retrieved and displayed in web pages without adequate HTML escaping or context-appropriate encoding, creating opportunities for malicious script execution. The vulnerability manifests as a stored XSS because the malicious payloads are saved in the database rather than being reflected in a single request, enabling attackers to maintain persistent access to affected systems.

The operational impact of this vulnerability extends beyond simple script execution, potentially enabling attackers to perform a wide range of malicious activities including session hijacking, credential theft, data exfiltration, and privilege escalation. Attackers can craft malicious inputs that, when processed by the vulnerable plugin, will execute scripts in the context of authenticated users' browsers. This could allow unauthorized individuals to access sensitive data, modify content, or even take full control of compromised WordPress installations. The vulnerability's persistence through stored data makes it particularly dangerous as it can affect multiple users over extended periods without requiring repeated exploitation attempts.

Organizations utilizing the affected plugin versions should immediately implement mitigations including updating to the latest available version that addresses this vulnerability, implementing web application firewalls to detect and block malicious payloads, and conducting thorough security audits of all user inputs. Additionally, administrators should consider implementing strict input validation measures, regular security scanning, and monitoring for suspicious activities within their WordPress installations. This vulnerability aligns with CWE-79, which specifically addresses cross-site scripting flaws, and maps to ATT&CK technique T1566.001 for initial access through malicious content and T1071.001 for application layer protocols. The security community should also consider implementing defense-in-depth strategies including content security policies and regular security assessments to prevent similar vulnerabilities from emerging in other WordPress plugins or web applications.

Responsible

Patchstack

Reservation

05/02/2024

Disclosure

05/06/2024

Moderation

accepted

CPE

ready

EPSS

0.00359

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!