Platform
wordpress
Component
swift-performance-lite
Fixed in
2.3.8
CVE-2024-10516 describes a Local PHP File Inclusion (LFI) vulnerability affecting the Swift Performance Lite plugin for WordPress. This vulnerability allows unauthenticated attackers to include and execute arbitrary files on the server, potentially leading to complete system compromise. The vulnerability impacts versions of the plugin up to and including 2.3.7.1. A fix is available in later versions.
The impact of this LFI vulnerability is significant. An attacker can leverage it to execute arbitrary PHP code on the WordPress server. This could involve uploading a malicious PHP file disguised as an image, then including it through the vulnerable 'ajaxify' function. Successful exploitation allows attackers to bypass access controls, steal sensitive data (database credentials, user information, configuration files), and potentially gain full control of the web server. The ability to execute arbitrary code opens the door to a wide range of malicious activities, including defacement, malware installation, and data exfiltration. This vulnerability shares similarities with other LFI exploits where attackers leverage file upload mechanisms to inject malicious code.
CVE-2024-10516 was publicly disclosed on December 6, 2024. While no active exploitation campaigns have been definitively confirmed, the ease of exploitation and the plugin's popularity suggest a potential for rapid exploitation. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept (PoC) code is likely to emerge, increasing the risk of widespread exploitation.
Websites utilizing the Swift Performance Lite plugin, particularly those running older versions (≤2.3.7.1), are at risk. Shared hosting environments are especially vulnerable, as attackers may be able to exploit the vulnerability through other users' websites on the same server. WordPress installations with weak file upload permissions are also at increased risk.
• wordpress / plugin: wp plugin list | grep -i swift-performance-lite
• wordpress / plugin: Check the installed plugin version. If it is <= 2.3.7.1, the installation is vulnerable.
• wordpress / server: Examine web server access logs for requests to the 'ajaxify' function with unusual or suspicious file paths (e.g., ../../).
• wordpress / server: Monitor file uploads for PHP files disguised as other file types (e.g., image.php.jpg).
• wordpress / server: Review WordPress plugin directory permissions to ensure only authorized users can upload files.
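The checks above (version comparison against 2.3.7.1, access-log review for 'ajaxify' requests carrying traversal sequences, and spotting double-extension PHP uploads such as image.php.jpg) can be scripted. The following is an added example written for this page, not code from the advisory or from the plugin. The query-string layout in the constructed sample log lines (admin-ajax.php?action=...ajaxify...&file=...) is an assumption used only to build test input; the detector keys on the string "ajaxify" and on the path patterns the advisory names, so it works on whatever the real request shape is.

```python
import re
from urllib.parse import unquote

# Highest affected release per the advisory; anything <= this is vulnerable.
LAST_VULNERABLE = (2, 3, 7, 1)

# Apache/nginx "combined" request segment: "METHOD target HTTP/x.y" status
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
TRAVERSAL_RE = re.compile(r'\.\.[\\/]')
# .php, .php7, .phtml, .phar, either terminal or followed by another extension
PHP_EXT_RE = re.compile(r'\.ph(?:p\d?|tml|ar)(?:\.|$)', re.IGNORECASE)

# Constructed sample access-log lines (not real traffic). The action/file
# parameter names are an ASSUMPTION made for this example only.
SAMPLE_LOG = """\
203.0.113.10 - - [06/Dec/2024:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=swift_ajaxify&file=wp-content/uploads/photo.jpg HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [06/Dec/2024:10:01:09 +0000] "GET /wp-admin/admin-ajax.php?action=swift_ajaxify&file=../../wp-config.php HTTP/1.1" 200 2048 "-" "curl/8.0"
198.51.100.7 - - [06/Dec/2024:10:01:15 +0000] "GET /wp-admin/admin-ajax.php?action=swift_ajaxify&file=%2e%2e%2f%2e%2e%2fetc%2fhostname HTTP/1.1" 200 64 "-" "curl/8.0"
203.0.113.22 - - [06/Dec/2024:10:02:00 +0000] "GET /index.php?p=12 HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
198.51.100.7 - - [06/Dec/2024:10:02:31 +0000] "GET /wp-admin/admin-ajax.php?action=swift_ajaxify&file=wp-content/uploads/image.php.jpg HTTP/1.1" 200 64 "-" "curl/8.0"
"""


def parse_version(v):
    """'2.3.7.1' -> (2, 3, 7, 1); tuple comparison handles differing lengths."""
    return tuple(int(p) for p in v.strip().split('.'))


def is_vulnerable_version(v):
    """True when the installed plugin version is 2.3.7.1 or earlier."""
    return parse_version(v) <= LAST_VULNERABLE


def fully_decode(s, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded traversal is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def is_disguised_php(filename):
    """Flags image.php.jpg style names as well as plain shell.php."""
    return bool(PHP_EXT_RE.search(filename))


def classify_request(target):
    """Return the reasons a request target looks like an 'ajaxify' probe ([] if clean)."""
    decoded = fully_decode(target)
    if 'ajaxify' not in decoded.lower():
        return []
    reasons = []
    if TRAVERSAL_RE.search(decoded):
        reasons.append('path traversal')
    # Only inspect the query string so the admin-ajax.php script name itself is not flagged.
    query = decoded.split('?', 1)[1] if '?' in decoded else ''
    if is_disguised_php(query):
        reasons.append('php file referenced')
    return reasons


def scan_log(text):
    """Scan combined-format log text; return one dict per suspicious request."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        reasons = classify_request(m.group('target'))
        if reasons:
            hits.append({'line': lineno, 'status': m.group('status'),
                         'target': m.group('target'), 'reasons': reasons})
    return hits


if __name__ == '__main__':
    for ver in ('2.3.7.1', '2.3.8'):
        print(f'version {ver}: {"VULNERABLE" if is_vulnerable_version(ver) else "fixed"}')
    for hit in scan_log(SAMPLE_LOG):
        print(f"line {hit['line']} status {hit['status']} {hit['reasons']}: {hit['target']}")
```

Feed `scan_log` the contents of your real access log; a 200 status on a flagged line deserves more attention than a 403 or 404, since it suggests the request reached the plugin rather than being blocked. The version check is deliberately tuple-based so that 2.3.7 (three components) and 2.3.7.1 compare correctly, a frequent mistake when versions are compared as strings.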
disclosure
Exploit status
EPSS
85.40% (99th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-10516 is to upgrade the Swift Performance Lite plugin to a version newer than 2.3.7.1, where the vulnerability has been addressed. If upgrading is not immediately feasible, consider implementing temporary workarounds. These may include restricting file upload permissions to prevent attackers from uploading malicious PHP files. Web Application Firewalls (WAFs) can be configured to block requests containing suspicious file paths or patterns related to the 'ajaxify' function. Review and harden WordPress file permissions to limit the impact of potential code execution. After upgrading, confirm the fix by attempting to trigger the 'ajaxify' function with a known malicious file path; it should be blocked or result in an error.
Update the Swift Performance Lite plugin to the latest available version. The vulnerability is present in versions prior to the most recent one. Updating will fix the PHP file inclusion vulnerability.
CVE-2024-10516 is a Local PHP File Inclusion vulnerability in the Swift Performance Lite WordPress plugin, allowing attackers to execute arbitrary code if the plugin version is 2.3.7.1 or earlier.
You are affected if you are using the Swift Performance Lite WordPress plugin version 2.3.7.1 or earlier. Check your plugin version immediately.
Upgrade the Swift Performance Lite plugin to a version greater than 2.3.7.1. If immediate upgrade is not possible, implement temporary workarounds like restricting file uploads.
While no active exploitation campaigns have been confirmed, the vulnerability's ease of exploitation suggests a potential for rapid exploitation.
Refer to the plugin developer's website or WordPress plugin repository for the official advisory and update information.