Question 1

What exactly is the vulnerability with the Table of Contents Plus plugin?

Accepted Answer

What exactly is the vulnerability with the Table of Contents Plus plugin?

The Table of Contents Plus plugin for WordPress has a vulnerability that allows for stored cross-site scripting (XSS) in versions up to and including 2302. This is due to insufficient sanitization of input and lack of output escaping in the plugin's admin settings. As a result, users with admin access can inject malicious scripts that will execute when pages are loaded by visitors.

Question 2

How serious is this vulnerability?

Accepted Answer

How serious is this vulnerability?

This vulnerability is considered medium severity, with a CVSS score of 4.4 out of 10. While it requires admin access to exploit, it can still enable serious impacts like cookie theft, session hijacking, or malware installation if leveraged by attackers. Even on sites with restrictions on unfiltered HTML, exposure remains if any privileged users can add scripts.

Question 3

What specific versions of the plugin are affected?

Accepted Answer

What specific versions of the plugin are affected?

All versions up to and including 2302 are impacted. Version 2309 includes fixes for this vulnerability, so upgrading to 2309 or higher will mitigate it.

Question 4

What steps should I take to secure my WordPress site?

Accepted Answer

What steps should I take to secure my WordPress site?

You should immediately update to version 2309 of the Table of Contents Plus plugin. Double check that the update was successful. Also look for any unauthorized content or code changes as a sign your site was compromised. Consider installing an alternate table of contents plugin as well.

Question 5

Are there any signs my site was already hacked?

Accepted Answer

Are there any signs my site was already hacked?

Look for any changes to content or settings that you didn't make. This could indicate that malicious scripts were already injected into your site. If you notice any strange behavior or content changes, take your site offline and request help cleaning any infections immediately.

Question 6

Should I just remove the plugin altogether?

Accepted Answer

Should I just remove the plugin altogether?

While that's an option, a patched version is available that resolves the vulnerability. As long as you upgrade to 2309 or higher, you can continue safely using the Table of Contents Plus plugin if it's helpful for your site.

Question 7

How can I prevent future vulnerabilities like this?

Accepted Answer

How can I prevent future vulnerabilities like this?

Make sure all your plugins and themes are kept updated to the latest versions. Enabling automatic background updates can help. Also periodically audit your installed plugins and themes to check if any have newly disclosed vulnerabilities.

Question 8

Is anyone actually exploiting this vulnerability yet?

Accepted Answer

Is anyone actually exploiting this vulnerability yet?

While attacks leveraging this specific vulnerability aren't widely reported yet, stored XSS issues are a common attack vector. Given the broad installation base of the plugin, hackers may seek out vulnerable sites. It's best to patch as soon as possible.

Question 9

Are other plugins from this developer vulnerable?

Accepted Answer

Are other plugins from this developer vulnerable?

This is the second vulnerability disclosed in the past few months for this specific plugin. Other plugins by the same author are not reported to be affected. But as always, it's wise to ensure you're running the latest versions of all plugins.

Question 10

How can I get help securing and monitoring my WordPress site?

Accepted Answer

How can I get help securing and monitoring my WordPress site?

Consider partnering with a managed WordPress hosting provider or developer. They can take care of updates, security monitoring, backups, and other tasks to keep your site safe 24/7. This frees you up to focus on your business instead of website maintenance.

Vulnerabilities

WordPress Plugin Vulnerability Report – Table of Contents Plus – Authenticated (Administrator+) Stored Cross-Site Scripting

WordPress Plugin Vulnerability Report – Comments – wpDiscuz – Unauthenticated SQL Injection

WordPress Plugin Vulnerability Report – Essential Addons for Elementor – Authenticated (Contributor+) Privilege Escalation

WordPress Plugin Vulnerabilities Report – Booster for WooCommerce – Authenticated Stored Cross-Site Scripting & Information Disclosure – CVE-2023-4945, CVE-2023-4796

WordPress Plugin Vulnerability Report – Migration, Backup, Staging – WPvivid – Missing Authorization & Stored Cross-Site Scripting

WordPress Plugin Vulnerability Report: Slimstat Analytics – Authenticated (Contributor+) Blind SQL Injection via Shortcode – CVE-2023-4598

WordPress Plugin Vulnerability Report: EWWW Image Optimizer – Sensitive Information Exposure

WordPress Plugin Vulnerability Report: EmbedPress – Cross-Site Request Forgery

WordPress Plugin Vulnerability Report: Duplicate Post Page Menu & Custom Post Type – Missing Authorization to Post Duplication – CVE-2023-4792

WordPress Plugin Vulnerability Report: Starter Templates – Incorrect Authorization – CVE-2023-41805

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy