Platform
wordpress
Component
wpbakery
Fixed in
7.7.1
A Local File Inclusion (LFI) vulnerability has been identified in WPBakery Visual Composer, affecting all versions up to and including 7.7. An authenticated attacker with Author-level access or higher can place a path in the 'layout_name' parameter and have the plugin include and execute a file that already exists on the server. Because Authors can upload media by default, an attacker can first upload a file carrying PHP code and then include it, which turns the LFI into remote code execution and potentially complete compromise of the site. The vulnerability was publicly disclosed on August 6, 2024; version 7.7.1 fixes it, and upgrading is the recommended remediation.
The impact of CVE-2024-5709 is severe. An attacker who exploits it can execute arbitrary PHP code in the context of the web server, which amounts to a full takeover of the site: reading or modifying the database (user credentials, customer and payment data), defacing pages and planting persistent backdoors. Even without a file carrying attacker-controlled PHP, the same include primitive can be used to disclose source files such as wp-config.php (for instance through the php://filter stream wrapper, where wrappers are permitted), exposing database credentials and authentication salts. The compromised host can then serve as a foothold for lateral movement against other systems on the same network or in the same hosting account. The exploitation pattern is the standard LFI chain: a traversal sequence in a filename parameter reaches a file the attacker controls or already knows the contents of, and the include executes whatever PHP it contains, bypassing the controls that normally gate code on the server.
CVE-2024-5709 was publicly disclosed on August 6, 2024. At the time of writing there is no indication of active exploitation campaigns targeting it, and it is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Since exploitation requires only an Author account and a crafted parameter value, public proof-of-concept code is likely to appear now that the details are public; treat any site still on 7.7 or earlier as exposed.
WordPress sites running WPBakery Visual Composer are at risk wherever an untrusted party can obtain an Author-level account: multi-author blogs, sites whose registration grants Author on sign-up, and sites with weak authentication (reused or guessable passwords, no MFA). The risk is compounded where upload restrictions are lax, because an uploaded file is the natural vehicle for the PHP payload. On shared hosting, an attacker with Author access on one site can use the code-execution foothold to reach everything else in the same hosting account.
Detection (wordpress / composer / npm). The plugin directory name wpb-visual-composer and the layout.php path are those given on this page; confirm the actual slug on your install with wp plugin list before relying on them.
• Check whether the plugin is installed and active:
wp plugin list --status=active | grep wpb-visual-composer
• Confirm that the installed code handles the affected parameter:
grep -r 'layout_name' /var/www/html/wp-content/plugins/wpb-visual-composer/
• Probe the parameter only on a staging copy you own, never on production. The flaw is reachable only by authenticated Author-level users, so an unauthenticated request such as the one below gives no reliable signal either way; an authenticated request from an Author account against an unpatched copy is what demonstrates the issue:
curl -I http://your-wordpress-site.com/wp-content/plugins/wpb-visual-composer/layout.php?layout_name=../../../../wp-config.php
• generic web: check the WordPress plugin directory and the vendor changelog for mentions of the vulnerability and associated indicators of compromise, and scan web-server access logs for traversal sequences (plain or URL-encoded) in the layout_name parameter.
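The version check implied by the detection steps above, as an added example that is not code from WPBakery or from the original page: it reads the standard WordPress plugin header ("Version:" line in the main .php file) of an installed plugin directory and reports whether the version falls in the affected range (7.7 or lower). The plugin directory is passed as the first argument and its slug is an assumption to confirm with wp plugin list; with no argument the script checks a constructed throwaway plugin directory so it runs offline.

```bash
#!/usr/bin/env bash
# Added example for this advisory; not code from WPBakery or from the page.
# Reads the WordPress plugin header of a plugin directory and reports whether the
# version is <= 7.7 (affected by CVE-2024-5709). Assumptions: the directory is
# given as $1 (confirm the slug with `wp plugin list`); the "Version:" line is in
# a .php file at the top level of that directory.

PATCHED_VERSION="7.7.1"

# Succeeds (returns 0) when version $1 sorts strictly below the patched version.
# sort -V compares component by component, so 7.10 > 7.7 and 7.7.1 > 7.7.
wpbakery_version_vulnerable() {
    local installed="$1" lowest
    [ -n "$installed" ] || return 2
    [ "$installed" = "$PATCHED_VERSION" ] && return 1
    lowest=$(printf '%s\n%s\n' "$installed" "$PATCHED_VERSION" | sort -V | head -n1)
    [ "$lowest" = "$installed" ]
}

# Prints the "Version:" value from the plugin header of the first .php file in
# the directory that carries one; prints nothing if none is found.
wpbakery_installed_version() {
    local plugin_dir="$1"
    grep -h -E '^[[:space:]]*\*?[[:space:]]*Version:' "$plugin_dir"/*.php 2>/dev/null \
        | head -n1 \
        | sed -E 's/^.*Version:[[:space:]]*//; s/[[:space:]]*$//'
}

# Builds a throwaway plugin directory with a constructed header so the check can
# be exercised offline. The header text is made up for this example.
make_constructed_plugin_dir() {
    local version="$1" dir
    dir=$(mktemp -d)
    cat > "$dir/plugin.php" <<EOF
<?php
/**
 * Plugin Name: WPBakery Visual Composer
 * Version: $version
 */
EOF
    printf '%s\n' "$dir"
}

# Prints a one-line verdict for the plugin directory given as $1.
report() {
    local dir="$1" installed
    installed=$(wpbakery_installed_version "$dir")
    if [ -z "$installed" ]; then
        printf '%s: no plugin header found\n' "$dir"
    elif wpbakery_version_vulnerable "$installed"; then
        printf '%s: version %s is <= 7.7 (affected by CVE-2024-5709, upgrade to %s)\n' \
            "$dir" "$installed" "$PATCHED_VERSION"
    else
        printf '%s: version %s is patched\n' "$dir" "$installed"
    fi
}

# Stand-alone run: check the directory given on the command line, or a constructed one.
if [ -n "${1:-}" ]; then
    report "$1"
else
    constructed=$(make_constructed_plugin_dir "7.7")
    report "$constructed"
    rm -rf "$constructed"
fi
```

Where WP-CLI is available, `wp plugin list --fields=name,version,status` gives the same information for every plugin at once; the script is for hosts without WP-CLI or for sweeping many document roots on a shared server. Comparing with `sort -V` rather than a string comparison matters here because "7.10" must sort above "7.7.1".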
disclosure
Exploit status
EPSS
0.69% (72nd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-5709 is to upgrade WPBakery Visual Composer to 7.7.1 or later. If an immediate upgrade is blocked by compatibility concerns, reduce exposure in the meantime: audit who holds the Author role or higher and remove or downgrade accounts that do not need it; enforce strong passwords and MFA for those that remain; restrict what Authors may upload and review recent uploads for files containing PHP code (images or documents with <?php inside); deny PHP execution in wp-content/uploads at the web-server level; and put a Web Application Firewall rule in front of the site that rejects any request whose layout_name parameter contains a path separator, a traversal sequence (../ in plain or URL-encoded form) or a stream-wrapper prefix such as php://. Scan the installation regularly with a reputable security plugin. After upgrading, verify the fix on a staging copy with an authenticated Author account rather than on production: a request carrying a traversal payload in layout_name must no longer include the target file, and the plugin header must report 7.7.1 or later.
Update the WPBakery Visual Composer plugin to the latest available version. This fixes the local file inclusion vulnerability.
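The WAF decision described in the mitigation paragraph, and the access-log scan for attempted exploitation, as an added example that is not code from WPBakery or from the original page. It implements the allow-list check on the layout_name parameter (decoding twice so URL-encoded and double-encoded traversal is caught, and rejecting encoded NUL bytes) and then applies that decision to access-log lines. Assumptions: legitimate layout names are plain identifiers ([A-Za-z0-9_-]), which you should adjust to the values your site actually uses; the request paths in the constructed sample log are made up, since the page does not identify the handling endpoint, and the filter keys on the parameter rather than the path.

```bash
#!/usr/bin/env bash
# Added example for this advisory; not code from WPBakery or from the page.
# Decision logic for a WAF rule on 'layout_name' plus a scanner that applies it
# to access-log lines. Assumption: legitimate layout names match [A-Za-z0-9_-].

# One pass of percent-decoding ('+' becomes space). Bash cannot store NUL bytes,
# so an encoded NUL (%00) is rejected by the caller before decoding.
url_decode() {
    local s="${1//+/ }"
    printf '%b' "${s//%/\\x}"
}

# Prints the raw layout_name value from a query string; fails if it is absent.
layout_name_from_query() {
    local IFS='&' pair
    for pair in $1; do
        case "$pair" in
            layout_name=*) printf '%s' "${pair#layout_name=}"; return 0 ;;
        esac
    done
    return 1
}

# Succeeds (returns 0) when the request should be blocked.
layout_name_is_malicious() {
    local raw decoded
    raw=$(layout_name_from_query "$1") || return 1   # parameter absent: nothing to judge
    raw=${raw,,}                                     # case-fold so %2E and %2e match alike
    case "$raw" in *%00*|*%2500*) return 0 ;; esac   # encoded NUL: path-truncation trick
    # Decode twice so a double-encoded traversal (%252e%252e%252f) is caught as well.
    decoded=$(url_decode "$(url_decode "$raw")")
    # Allow-list rather than deny-list: a layout name is an identifier, never a
    # path, a traversal sequence or a stream wrapper such as php://.
    [[ "$decoded" =~ ^[a-z0-9_-]+$ ]] && return 1
    return 0
}

# Scans combined-format access-log lines on stdin, prints those whose query
# string would have been blocked, and succeeds if at least one was found.
scan_access_log() {
    local line query found=1
    while IFS= read -r line; do
        query=${line#*\?}                    # text after the first '?'
        [ "$query" = "$line" ] && continue   # no query string on this request
        query=${query%% *}                   # drop ' HTTP/1.1" 200 ...'
        if layout_name_is_malicious "$query"; then
            printf '%s\n' "$line"
            found=0
        fi
    done
    return "$found"
}

# Constructed sample log (not real traffic; paths are illustrative): one benign
# request, one traversal attempt with URL-encoded slashes, one without the parameter.
CONSTRUCTED_LOG='203.0.113.5 - - [06/Aug/2024:10:00:00 +0000] "GET /wp-admin/?layout_name=default HTTP/1.1" 200 512
203.0.113.9 - - [06/Aug/2024:10:00:01 +0000] "GET /wp-admin/?layout_name=..%2f..%2f..%2f..%2fwp-config.php HTTP/1.1" 200 2048
203.0.113.9 - - [06/Aug/2024:10:00:02 +0000] "GET /?p=1 HTTP/1.1" 200 100'

# Stand-alone run: scan the log file given as $1, or the constructed sample.
if [ -n "${1:-}" ]; then
    scan_access_log < "$1" || echo "no suspicious layout_name requests found"
else
    scan_access_log <<< "$CONSTRUCTED_LOG" || echo "no suspicious layout_name requests found"
fi
```

Port the same decision, not just the regex, to the WAF you run (a ModSecurity rule or an nginx map on the decoded argument): the point is that the check is applied after decoding and as an allow-list, so `..%2f`, `%252e%252e`, `%00` and `php://` are all refused without enumerating every encoding an attacker might try. Run the scanner over the retained access logs once the upgrade is in place to find earlier attempts against the site.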
CVE-2024-5709 is a Local File Inclusion vulnerability in WPBakery Visual Composer versions up to and including 7.7 that lets authenticated attackers with Author-level access or higher include files on the server and, with a suitable file in place, execute arbitrary PHP code.
If you are running WPBakery Visual Composer 7.7 or earlier, you are affected; 7.7.1 contains the fix.
Upgrade WPBakery Visual Composer to 7.7.1 or later. If you cannot upgrade immediately, reduce the attack surface in the meantime: limit Author-level accounts and uploads, and filter the layout_name parameter at the WAF until the upgrade is done.
While no active exploitation has been confirmed, the vulnerability's ease of exploitation suggests it is likely to be targeted soon.
Refer to the official WPBakery website and WordPress security announcements for the latest advisory and patch information.