CVE-2024-56029

High

Published: 02 January 2025

Published

02 January 2025

Modified

23 April 2026

KEV Added

—

Patch

—

CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

EPSS Score 0.0014 34.2th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-56029 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 34.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-15 Information Output Filtering good match

prevent

Directly mitigates reflected XSS by filtering web page outputs to neutralize untrusted input, preventing script execution in the victim's browser.

SI-10 Information Input Validation good match

prevent

Validates information inputs to the WordPress plugin, rejecting or sanitizing malicious payloads that could be reflected as executable scripts.

SI-2 Flaw Remediation good match

prevent

Remediates the improper input neutralization flaw in Easy Language Switcher versions <=1.0 through timely identification, reporting, and patching.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1566.002 Spearphishing Link Initial Access

Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.

attack.mitre.org →

T1539 Steal Web Session Cookie Credential Access

An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.

attack.mitre.org →

Why these techniques?

Reflected XSS in public-facing WordPress plugin directly enables T1190 exploitation and T1566.002 malicious link delivery; cookie theft impact maps to T1539 session cookie theft.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dreamwinner Easy Language Switcher easy-language-switcher allows Reflected XSS.This issue affects Easy Language Switcher: from n/a through <= 1.0.

Deeper analysisAI

CVE-2024-56029 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the dreamwinner Easy Language Switcher WordPress plugin (easy-language-switcher). This issue affects all versions from n/a through 1.0 inclusive. The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating high severity due to its network accessibility and scope change.

Attackers can exploit this reflected XSS over the network with low attack complexity, requiring no privileges but user interaction, such as clicking a malicious link. Exploitation reflects unsanitized input into the web page, allowing script execution in the victim's browser context with changed scope. This enables limited impacts on confidentiality, integrity, and availability, such as session hijacking via cookie theft or minor site defacement.

The Patchstack advisory (https://patchstack.com/database/Wordpress/Plugin/easy-language-switcher/vulnerability/wordpress-easy-language-switcher-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve) documents the vulnerability in the WordPress Easy Language Switcher plugin version 1.0.

Details

CWE(s): CWE-79

CVEs Like This One

CVE-2025-24592Shared CWE-79

CVE-2025-24557Shared CWE-79

CVE-2025-67952Shared CWE-79

CVE-2026-7371Shared CWE-79

CVE-2026-32529Shared CWE-79

CVE-2025-23646Shared CWE-79

CVE-2025-24710Shared CWE-79

CVE-2025-24700Shared CWE-79

CVE-2025-23681Shared CWE-79

CVE-2025-68845Shared CWE-79

References

https://patchstack.com/database/Wordpress/Plugin/easy-language-switcher/vulnerability/wordpress-easy-language-switcher-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
audit@patchstack.com