Platform
wordpress
Component
git-sync
Fixed in
1.1.1
CVE-2024-54368 describes a Remote Code Execution (RCE) vulnerability within the GitSync WordPress plugin. This vulnerability, stemming from a Cross-Site Request Forgery (CSRF) flaw, allows attackers to inject and execute malicious code. Versions of GitSync up to and including 1.1.0 are affected, and a patch is available in version 1.1.1.
The impact of this RCE vulnerability is severe. An attacker can leverage a CSRF request to inject arbitrary code into the GitSync plugin, effectively gaining complete control over the WordPress site. This could lead to data breaches, website defacement, malware installation, and potential compromise of the entire server infrastructure. The attacker could steal sensitive user data, modify website content, or use the compromised site as a launchpad for further attacks against other systems on the network. Given the plugin's functionality, access to Git repositories could also be compromised.
CVE-2024-54368 was publicly disclosed on December 16, 2024. While no public proof-of-concept (PoC) code has been widely released, the severity of the vulnerability and the ease of exploitation via CSRF suggest a high probability of exploitation. The vulnerability is not currently listed on CISA KEV, but its CRITICAL CVSS score warrants close monitoring. Active campaigns targeting WordPress plugins are common, so vigilance is advised.
WordPress sites utilizing the GitSync plugin, particularly those with limited security configurations or shared hosting environments, are at significant risk. Sites with outdated WordPress installations or those lacking robust CSRF protection mechanisms are especially vulnerable. Users who have not recently reviewed plugin permissions or implemented WAF rules are also at increased risk.
• wordpress / composer / npm:
grep -r 'gitSync_update_repo' /var/www/html/wp-content/plugins/
• generic web:
curl -I https://your-wordpress-site.com/wp-content/plugins/gitsync/ | grep -i 'csrf-token'
• wordpress / composer / npm:
wp plugin list --status=all | grep -iE 'git-?sync'
Disclosure
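The checks above only tell you whether the plugin is present. To turn them into a yes/no answer for this advisory, the installed version has to be compared against the fixed release (1.1.1). The script below is an added example, not part of the original advisory or the GitSync project: it parses `wp plugin list --status=all --format=csv` output (the CSV shown is constructed sample data) and reports whether the `git-sync` slug is installed at a version below 1.1.1. The version comparison is done field by field in awk rather than lexically, so 1.1.10 is correctly treated as newer than 1.1.9.

```shell
#!/bin/sh
# Constructed sample of `wp plugin list --status=all --format=csv` output (not real data).
SAMPLE_PLUGIN_LIST='name,status,update,version
akismet,active,none,5.3
git-sync,active,available,1.1.0
hello,inactive,none,1.7.2'

# Fixed release named by the advisory; anything below it is affected.
GITSYNC_FIXED_VERSION=1.1.1

# Compare two dotted version strings numerically, field by field.
# Prints -1 if $1 < $2, 0 if equal, 1 if $1 > $2. Missing fields count as 0.
vercmp() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      p = (i <= na) ? x[i] + 0 : 0
      q = (i <= nb) ? y[i] + 0 : 0
      if (p < q) { print "-1"; exit }
      if (p > q) { print "1"; exit }
    }
    print "0"
  }'
}

# Print the installed version of plugin slug $2 from CSV text $1
# (header row skipped); prints nothing if the slug is not installed.
plugin_version() {
  printf '%s\n' "$1" | awk -F, -v slug="$2" 'NR > 1 && $1 == slug { print $4 }'
}

# Exit status 0 if git-sync is installed below the fixed version, 1 otherwise.
# $1 = CSV text from `wp plugin list --format=csv`.
gitsync_affected() {
  v=$(plugin_version "$1" git-sync)
  [ -n "$v" ] || return 1
  [ "$(vercmp "$v" "$GITSYNC_FIXED_VERSION")" -lt 0 ]
}

# Stand-alone run against the constructed sample.
if gitsync_affected "$SAMPLE_PLUGIN_LIST"; then
  echo "git-sync $(plugin_version "$SAMPLE_PLUGIN_LIST" git-sync) is below $GITSYNC_FIXED_VERSION: affected by CVE-2024-54368"
else
  echo "git-sync not installed or already at $GITSYNC_FIXED_VERSION or later"
fi
```

On a live site, replace the constructed sample with `wp plugin list --status=all --format=csv` run from the WordPress root; `--status=all` matters because an inactive copy of the plugin still ships the vulnerable code and should be updated or removed.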
Exploit status
EPSS
0.11% (29th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-54368 is to immediately upgrade the GitSync plugin to version 1.1.1 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing a Web Application Firewall (WAF) rule to block suspicious CSRF requests targeting the GitSync plugin's endpoints. Carefully review and restrict user permissions within the WordPress environment to limit the potential impact of a successful attack. Monitor WordPress logs for unusual activity, particularly requests containing potentially malicious code.
Update the GitSync plugin to a version newer than 1.1.0. This fixes the CSRF vulnerability that enables remote code execution. The update can be performed from the WordPress administration panel in the Plugins section.
CVE-2024-54368 is a critical Remote Code Execution vulnerability in the GitSync WordPress plugin, allowing attackers to execute arbitrary code through a CSRF flaw.
Yes, if you are using GitSync version 1.1.0 or earlier, you are affected by this vulnerability.
Upgrade the GitSync plugin to version 1.1.1 or later to resolve the vulnerability. Consider WAF rules as a temporary workaround.
While no public exploits are widespread, the high severity and ease of exploitation suggest a high probability of active exploitation.
Refer to the official GitSync plugin documentation and WordPress security announcements for the latest advisory information.