Platform
wordpress
Component
exclusive-content-password-protect
Fixed in
1.1.1
CVE-2024-52402 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in Cliconomics Exclusive Content Password Protect. This vulnerability allows an attacker to upload a web shell to a web server, leading to potential remote code execution. The vulnerability affects versions of the plugin from n/a up to and including 1.1.0. A patch has been released in version 1.1.1.
The primary impact of CVE-2024-52402 is the ability for an attacker to upload arbitrary files, specifically web shells, to the WordPress server. A web shell provides a malicious actor with a command-and-control interface, enabling them to execute arbitrary code on the server. This could lead to complete compromise of the WordPress site, including data exfiltration, defacement, and further attacks against the underlying infrastructure. The attacker could potentially gain access to sensitive data stored within the WordPress database or use the compromised server as a launchpad for attacks against other systems on the network. The ease of exploitation via CSRF significantly increases the risk.
CVE-2024-52402 was publicly disclosed on 2024-11-19. While no active exploitation campaigns have been definitively confirmed, the CRITICAL severity and ease of exploitation via CSRF suggest a high probability of exploitation. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept code is likely to emerge given the vulnerability's nature and severity.
WordPress websites utilizing the Exclusive Content Password Protect plugin, particularly those running versions prior to 1.1.1, are at significant risk. Shared hosting environments are especially vulnerable as they often lack granular control over plugin configurations and file permissions. Sites with weak CSRF protection or inadequate input validation on file upload endpoints are also at heightened risk.
• wordpress / composer / npm:
  wp plugin list | grep 'Exclusive Content Password Protect'
• wordpress / composer / npm:
  wp plugin update --all
• wordpress / composer / npm:
  grep -r 'upload_dir' /var/www/html/wp-content/plugins/exclusive-content-password-protect/
• generic web: Check for unusual files in the WordPress uploads directory (wp-content/uploads) using file system scans or security monitoring tools.
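The uploads-directory check above, as an added example that is not code from the advisory or from the plugin: it walks a wp-content/uploads tree and reports files a media-only directory should never contain, assuming the extension list, the control-file list and the constructed sample tree shown here.

```python
import os
import tempfile
from pathlib import Path

# Extensions a PHP-enabled web server typically executes (constructed list, extend per server).
EXEC_EXTENSIONS = {".php", ".phtml", ".php3", ".php4", ".php5", ".php7", ".phps", ".phar", ".inc"}
# Files that can change how the server treats the directory (e.g. re-enable PHP handling).
CONTROL_FILES = {".htaccess", ".user.ini", "web.config"}
PHP_MARKERS = (b"<?php", b"<?=")

def classify(path: Path, head: bytes) -> list[str]:
    """Return the reasons a file looks out of place in a media-only uploads directory."""
    reasons = []
    if path.name.lower() in CONTROL_FILES:
        reasons.append("server control file in uploads")
    # Check every suffix so 'cover.php.jpg' is caught as well as 'shell.php'.
    exec_suffixes = [s for s in map(str.lower, path.suffixes) if s in EXEC_EXTENSIONS]
    if exec_suffixes:
        reasons.append(f"executable extension {exec_suffixes[0]}")
    elif any(marker in head for marker in PHP_MARKERS):
        reasons.append("PHP open tag inside a non-PHP file")
    return reasons

def scan_uploads(root: str, head_bytes: int = 4096) -> dict[str, list[str]]:
    """Walk the uploads tree; map each suspicious path (relative to root) to its reasons."""
    root_path = Path(root)
    findings: dict[str, list[str]] = {}
    for dirpath, _dirs, files in os.walk(root_path):
        for fname in files:
            fpath = Path(dirpath) / fname
            with fpath.open("rb") as fh:
                head = fh.read(head_bytes)  # the head is enough to spot an open tag
            reasons = classify(fpath, head)
            if reasons:
                findings[fpath.relative_to(root_path).as_posix()] = reasons
    return findings

def build_sample_tree() -> str:
    """Constructed sample: a temp uploads tree with one clean image and four files to flag."""
    root = Path(tempfile.mkdtemp(prefix="wp_uploads_"))
    month = root / "2024" / "11"
    month.mkdir(parents=True)
    (month / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 64)  # genuine-looking JPEG header
    (month / "shell.php").write_bytes(b"<?php /* constructed sample, does nothing */ ?>")
    (month / "cover.php.jpg").write_bytes(b"\xff\xd8\xff\xe0")  # double extension
    (month / "image.png").write_bytes(b"\x89PNG\r\n" + b"<?= /* tag hidden in an image */ ?>")
    (root / ".htaccess").write_text("# constructed sample\n")
    return str(root)
```

Run `scan_uploads("/var/www/html/wp-content/uploads")` against a real site and treat every hit as something to explain or remove; `build_sample_tree()` only exists to exercise the scanner offline.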
disclosure
Exploit status
EPSS
9.01% (93rd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-52402 is to immediately upgrade to version 1.1.1 or later of the Exclusive Content Password Protect plugin. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing stricter input validation and sanitization on file upload endpoints. While not a complete solution, a Web Application Firewall (WAF) configured to block suspicious file uploads and CSRF attacks can provide an additional layer of defense. Regularly review WordPress plugin permissions and restrict access to sensitive files and directories.
Update the Exclusive Content Password Protect plugin to the latest available version. The vulnerability allows arbitrary file upload, which could compromise the security of the website. The update fixes the CSRF vulnerability that allows this action.
CVE-2024-52402 is a critical Cross-Site Request Forgery (CSRF) vulnerability in Cliconomics Exclusive Content Password Protect allowing attackers to upload web shells, potentially leading to remote code execution.
You are affected if you are using Exclusive Content Password Protect versions from n/a through 1.1.0. Check your plugin version immediately.
Upgrade to version 1.1.1 or later of the Exclusive Content Password Protect plugin. If immediate upgrade is not possible, implement temporary mitigations like WAF rules and stricter input validation.
While no confirmed active exploitation campaigns are currently known, the CRITICAL severity and ease of exploitation suggest a high probability of exploitation.
Refer to the Cliconomics website and WordPress plugin repository for the official advisory and update information.