Platform
wordpress
Component
ssv-events
Fixed in
3.2.8
CVE-2024-49286 describes a Remote Code Execution (RCE) vulnerability within the Moridrin SSV Events WordPress plugin. This flaw, stemming from improper limitation of a pathname, allows attackers to leverage PHP Local File Inclusion. Versions of SSV Events up to and including 3.2.7 are affected, and a patch is available in version 3.2.8.
The vulnerability allows an attacker to include arbitrary files on the server, leading to complete system compromise. By crafting malicious requests, an attacker can read sensitive configuration files, execute arbitrary code, and potentially gain persistent access to the WordPress environment. This could result in data theft, website defacement, or the installation of malware. The impact is particularly severe due to the plugin's potential access to sensitive event data and user information.
This vulnerability was publicly disclosed on 2024-10-20. While no active exploitation campaigns have been definitively linked to CVE-2024-49286 at the time of writing, the RCE nature and ease of exploitation make it a high-priority target. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are likely to emerge given the vulnerability's simplicity.
Exploit Status
EPSS
0.87% (75th percentile)
CISA SSVC
CVSS Vector
The primary mitigation is to immediately upgrade the Moridrin SSV Events plugin to version 3.2.8 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider restricting file access permissions on the server to limit the potential impact of the vulnerability. Implement a Web Application Firewall (WAF) with rules to block attempts to include files outside the designated directory. Monitor WordPress logs for suspicious file inclusion attempts, specifically looking for unusual file paths in requests. After upgrading, verify the fix by attempting a file inclusion request and confirming that it is blocked.
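The advisory above recommends watching WordPress and web-server logs for unusual file paths in requests. The following script is an added example, not part of the original advisory and not code from the SSV Events project: it parses access-log lines in the common "combined" format, percent-decodes each query parameter repeatedly (so double-encoded traversal is not missed), and flags values that carry typical local-file-inclusion indicators: directory traversal, absolute paths, PHP stream wrappers, or embedded null bytes. The log lines, IP addresses and the `file` parameter name are constructed for the example; the page does not name the plugin's vulnerable parameter, so the detector inspects every parameter of requests under the plugin's path rather than relying on one name.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample log lines (Apache/nginx "combined" format). IPs, timestamps
# and the "file" parameter are hypothetical and not taken from the plugin.
SAMPLE_LOG = """\
203.0.113.10 - - [20/Oct/2024:10:01:02 +0000] "GET /wp-content/plugins/ssv-events/?file=event.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [20/Oct/2024:10:01:05 +0000] "GET /wp-content/plugins/ssv-events/?file=../../../wp-config.php HTTP/1.1" 200 2048 "-" "curl/8.0"
203.0.113.12 - - [20/Oct/2024:10:01:09 +0000] "GET /wp-content/plugins/ssv-events/?file=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 2048 "-" "curl/8.0"
203.0.113.13 - - [20/Oct/2024:10:01:12 +0000] "GET /wp-content/plugins/ssv-events/?file=php://filter/convert.base64-encode/resource=index.php HTTP/1.1" 200 900 "-" "python-requests/2.31"
203.0.113.14 - - [20/Oct/2024:10:01:15 +0000] "GET /?p=42 HTTP/1.1" 200 7000 "-" "Mozilla/5.0"
"""

# Minimal combined-log-format parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# ".." as a complete path segment, with either slash style.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')
# PHP stream wrappers that have no business appearing in a file name parameter.
WRAPPER_RE = re.compile(r'^(?:(?:php|phar|expect|zip|glob|file)://|data:)', re.IGNORECASE)
# Windows drive-letter absolute path (C:\ or C:/).
DRIVE_RE = re.compile(r'^[A-Za-z]:[\\/]')


def decode_fully(value, rounds=3):
    """Percent-decode until stable (bounded) so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_value(value):
    """Return the list of LFI indicators found in one (possibly encoded) parameter value."""
    reasons = []
    v = decode_fully(value)
    if TRAVERSAL_RE.search(v):
        reasons.append("path-traversal")
    if WRAPPER_RE.search(v):
        reasons.append("stream-wrapper")
    if "\x00" in v:
        reasons.append("null-byte")
    if v.startswith("/") or DRIVE_RE.match(v):
        reasons.append("absolute-path")
    return reasons


def find_lfi_indicators(log_text, scope_prefix="/wp-content/plugins/ssv-events/"):
    """Scan access-log text; return one dict per request under scope_prefix whose
    query parameters carry file-inclusion indicators. Status is kept so a 200 on a
    flagged request can be triaged ahead of a blocked one."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than crash
        parts = urlsplit(m.group("target"))
        if not parts.path.startswith(scope_prefix):
            continue  # only requests aimed at the plugin are in scope here
        # parse_qsl decodes one layer; classify_value handles any further layers.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            reasons = classify_value(value)
            if reasons:
                hits.append({
                    "ip": m.group("ip"),
                    "ts": m.group("ts"),
                    "status": int(m.group("status")),
                    "param": name,
                    "value": decode_fully(value),
                    "reasons": reasons,
                })
    return hits


if __name__ == "__main__":
    for hit in find_lfi_indicators(SAMPLE_LOG):
        print(f'{hit["ip"]} {hit["status"]} {hit["param"]}={hit["value"]!r} -> {", ".join(hit["reasons"])}')
```

Run against the constructed sample, the benign `event.php` request and the request outside the plugin path produce nothing, while the three traversal and wrapper requests are reported with the client IP and response status. In production, feed the same function real log lines and raise the scope to the whole site if the plugin is reachable through other paths; the indicators are deliberately generic so that the check does not depend on knowing the exact parameter the plugin reads.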
Update the SSV Events plugin to the latest available version. The Local File Inclusion vulnerability that allows Remote Code Execution (RCE) exists in versions older than the most recent release; updating fixes it.
CVE-2024-49286 is a critical Remote Code Execution vulnerability in the Moridrin SSV Events WordPress plugin, allowing attackers to include arbitrary files on the server.
Yes, if you are using Moridrin SSV Events version 3.2.7 or earlier, you are vulnerable to this RCE flaw.
Upgrade the Moridrin SSV Events plugin to version 3.2.8 or later to patch the vulnerability. Consider WAF rules as a temporary workaround.
While no confirmed active exploitation campaigns are currently known, the vulnerability's severity and ease of exploitation suggest it is a high-priority target.
Refer to the Moridrin website and WordPress plugin repository for the latest advisory and update information regarding CVE-2024-49286.