Platform
wordpress
Component
ssv-events
Fixed in
3.2.8
CVE-2024-49286 describes a Remote Code Execution (RCE) vulnerability in the Moridrin SSV Events WordPress plugin. The flaw stems from improper limitation of a pathname to a restricted directory (path traversal) and allows attackers to perform PHP Local File Inclusion. Versions of SSV Events up to and including 3.2.7 are affected; the fix is available in version 3.2.8.
The vulnerability allows an attacker to include arbitrary files on the server, leading to complete system compromise. By crafting malicious requests, an attacker can read sensitive configuration files, execute arbitrary code, and potentially gain persistent access to the WordPress environment. This could result in data theft, website defacement, or the installation of malware. The impact is particularly severe due to the plugin's potential access to sensitive event data and user information.
This vulnerability was publicly disclosed on 2024-10-20. While no active exploitation campaigns have been definitively linked to CVE-2024-49286 at the time of writing, the RCE nature and ease of exploitation make it a high-priority target. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are likely to emerge given the vulnerability's simplicity.
WordPress sites utilizing the Moridrin SSV Events plugin, particularly those running versions 3.2.7 or earlier, are at significant risk. Shared hosting environments where plugin updates are managed centrally are also vulnerable, as are sites with weak file permission configurations.
• wordpress / composer / npm:
  grep -r "../../" /var/www/html/wp-content/plugins/ssv-events/
• generic web:
  curl -I 'http://your-wordpress-site.com/wp-content/plugins/ssv-events/../../../../etc/passwd'
• wordpress / composer / npm:
  wp plugin list --status=inactive | grep ssv-events
Disclosure
Exploit status
EPSS
0.87% (75th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade the Moridrin SSV Events plugin to version 3.2.8 or later immediately. If upgrading is not immediately feasible because of compatibility issues or breaking changes, restrict file access permissions on the server to limit the potential impact of the vulnerability. Deploy a Web Application Firewall (WAF) with rules that block attempts to include files outside the plugin's designated directory. Monitor web server and WordPress logs for suspicious file inclusion attempts, specifically unusual or traversal-style file paths in requests. After upgrading, verify the fix by sending a file inclusion request and confirming that it is rejected.
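The two checks the advisory asks for, deciding whether an installed version falls in the affected range and scanning access logs for traversal-style requests against the plugin path, can be scripted. The following is an added example, not code from the plugin or from the advisory's author. It assumes the affected range stated above (every version below 3.2.8), assumes the plugin is installed under wp-content/plugins/ssv-events/, and assumes logs in the common Apache/nginx combined format; the log lines embedded below are constructed for this example. Request paths are URL-decoded twice so that percent-encoded and double-encoded dot-dot sequences are caught as well as the literal form.

```python
"""Defender-side helpers for CVE-2024-49286 (SSV Events local file inclusion).

Added example: not code from the plugin or from the advisory's author.
Assumptions: versions below 3.2.8 are affected (as the advisory states);
the plugin lives under /wp-content/plugins/ssv-events/; log lines use the
Apache/nginx combined format. SAMPLE_LOG is constructed for this example.
"""
import re
from urllib.parse import unquote

FIXED_VERSION = (3, 2, 8)
PLUGIN_PATH = "/wp-content/plugins/ssv-events/"

# Combined log format: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)
# A ".." path segment bounded by slashes (or at the start/end of the path).
TRAVERSAL_RE = re.compile(r"(^|[/\\])\.\.([/\\]|$)")


def parse_version(version: str) -> tuple:
    """Turn '3.2.7' (or '3.2', 'v3.2.7-beta') into a comparable 3-tuple."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    return tuple((parts + [0, 0, 0])[:3])


def is_affected(version: str) -> bool:
    """True when the installed SSV Events version predates the 3.2.8 fix."""
    return parse_version(version) < FIXED_VERSION


def traversal_reason(request_path: str):
    """Return a short reason if the request looks like a dot-dot traversal, else None."""
    # Decode twice: '%2e%2e' and double-encoded '%252e%252e' both become '..'.
    decoded = unquote(unquote(request_path))
    if TRAVERSAL_RE.search(decoded):
        return "dot-dot traversal"
    return None


def scan_access_log(lines):
    """Return one finding per log line that carries a traversal attempt.

    Each finding records whether the request targeted the ssv-events path,
    so hits against this plugin can be triaged first.
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:  # skip lines that are not in combined format
            continue
        reason = traversal_reason(m["path"])
        if reason is None:
            continue
        decoded = unquote(unquote(m["path"]))
        findings.append({
            "ip": m["ip"],
            "time": m["time"],
            "path": m["path"],
            "status": int(m["status"]),
            "reason": reason,
            "targets_plugin": PLUGIN_PATH in decoded,
        })
    return findings


# Constructed sample log (not real traffic): two probes against the plugin
# path, one benign asset request, one traversal against a different plugin.
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Oct/2024:10:01:02 +0000] "GET /wp-content/plugins/ssv-events/../../../../etc/passwd HTTP/1.1" 200 1893 "-" "curl/8.4.0"',
    '203.0.113.5 - - [20/Oct/2024:10:01:05 +0000] "GET /wp-content/plugins/ssv-events/%2e%2e/%2e%2e/wp-config.php HTTP/1.1" 403 199 "-" "curl/8.4.0"',
    '198.51.100.7 - - [20/Oct/2024:10:02:11 +0000] "GET /wp-content/plugins/ssv-events/assets/css/style.css HTTP/1.1" 200 4521 "https://example.com/" "Mozilla/5.0"',
    '198.51.100.7 - - [20/Oct/2024:10:02:12 +0000] "GET /wp-content/plugins/other-plugin/../../../../etc/passwd HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for v in ("3.2.7", "3.2.8"):
        print(f"SSV Events {v}: {'AFFECTED' if is_affected(v) else 'fixed'}")
    for hit in scan_access_log(SAMPLE_LOG):
        flag = "ssv-events" if hit["targets_plugin"] else "other path"
        print(f"{hit['time']} {hit['ip']} {hit['status']} [{flag}] {hit['reason']}: {hit['path']}")
```

A 200 status on a traversal request (the first sample line) is the finding to escalate: the WAF or server did not reject it. A 403 on the same pattern shows the blocking rule working, which is also how the post-upgrade verification step above should look in the log.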
Update the SSV Events plugin to the latest available version. The local file inclusion vulnerability that allows remote code execution (RCE) is present in versions prior to the most recent one. Updating will fix this vulnerability.
CVE-2024-49286 is a critical Remote Code Execution vulnerability in the Moridrin SSV Events WordPress plugin, allowing attackers to include arbitrary files on the server.
Yes, if you are using Moridrin SSV Events version 3.2.7 or earlier, you are vulnerable to this RCE flaw.
Upgrade the Moridrin SSV Events plugin to version 3.2.8 or later to patch the vulnerability. Consider WAF rules as a temporary workaround.
While no confirmed active exploitation campaigns are currently known, the vulnerability's severity and ease of exploitation suggest it is a high-priority target.
Refer to the Moridrin website and WordPress plugin repository for the latest advisory and update information regarding CVE-2024-49286.