Security readout for executives and security teams
Plain-English summary
This CVE affects the WordPress Better WP Login Page plugin through version 1.1.2. A highly privileged user could store malicious script content that runs when another user views the affected page. Business impact is usually moderate, but it can expose admin sessions, alter page behavior, or support follow-on compromise in WordPress environments.
Executive priority
Treat as a moderate-priority WordPress plugin issue. Prioritize sites with multiple administrators, delegated site management, or prior account compromise concerns. It is not currently supported by the provided sources as an actively exploited emergency.
Technical view
CVE-2024-54442 is a stored cross-site scripting issue in cortesfrau Better WP Login Page, package better-wp-login-page, caused by improper output neutralization. The CVSS 3.1 score is 5.9 with high privileges required and user interaction required. Scope is changed, with low confidentiality, integrity, and availability impact.
Likely exposure
Exposure is limited to WordPress sites running Better WP Login Page version 1.1.2 or earlier. The source bundle does not identify other affected products or deployment-specific prerequisites beyond the plugin and version range.
Exploitation context
The provided sources do not report active exploitation, and the bundle marks KEV as false. Exploitation requires high privileges and another user interaction, which lowers broad internet risk but still matters on shared-admin or compromised-admin WordPress sites.
Researcher notes
Evidence is sufficient for the vulnerability class, affected plugin, version ceiling, and CVSS vector. Evidence is incomplete on exact vulnerable fields, patched version, exploit maturity, and vendor remediation status. Avoid assuming a fix exists unless confirmed from vendor or Patchstack guidance.
Mitigation direction
Inventory WordPress sites for the better-wp-login-page plugin and installed version.
Check vendor or Patchstack guidance for a fixed release before upgrading.
Disable or remove the plugin where it is not business-critical.
Restrict WordPress administrator access to trusted users only.
Review stored plugin settings and login page content for unexpected script content.
Validation and detection
Confirm whether Better WP Login Page is installed on each WordPress site.
Verify whether the installed version is 1.1.2 or earlier.
Review plugin-managed login page fields for unauthorized HTML or script content.
Check WordPress admin activity logs for suspicious plugin configuration changes.
Document compensating controls if no vendor fix is available.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-79: User-session and phishing behavior lookup
Client-side and session-facing weaknesses should be reviewed alongside initial-access and user-execution behaviors. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-79 · source CWE mapping
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.