Platform: wordpress
Component: s2member
Fixed in: 241114.0.1
CVE-2024-51815 represents a critical Remote Code Execution (RCE) vulnerability discovered in the WP Sharks s2Member Pro WordPress plugin. This flaw allows attackers to inject arbitrary code, potentially leading to complete compromise of the affected WordPress installation. The vulnerability impacts versions of s2Member Pro from the initial release through version 241114, with a fix available in version 241114.0.1.
The impact of this RCE vulnerability is severe. A successful exploit allows an attacker to execute arbitrary code on the server hosting the WordPress site, effectively granting them full control. This could involve stealing sensitive data (user credentials, database contents, financial information), modifying website content, installing malware, or using the compromised server as a launchpad for further attacks against other systems. Given the widespread use of WordPress and the plugin's membership functionality, the potential blast radius is significant, impacting both the website owner and its users.
CVE-2024-51815 was publicly disclosed on December 6, 2024. While no active exploitation campaigns have been definitively confirmed, the CRITICAL severity and ease of exploitation (code injection) suggest a high probability of exploitation. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept exploits are likely to emerge, increasing the risk of widespread exploitation.
Exploit Status:
EPSS: 0.19% (41st percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2024-51815 is to immediately upgrade to version 241114.0.1 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing temporary workarounds. While no specific WAF rules are readily available, generic code injection prevention rules might offer some limited protection. Closely monitor WordPress logs for any suspicious activity, particularly requests containing unusual characters or patterns that could indicate an attempted code injection. After upgrading, verify the fix by attempting a code injection payload through a vulnerable endpoint (if known) and confirming that it is blocked.
Update the s2Member plugin to the latest available version. If no version is available, consider disabling or removing the plugin until a patched version is released. Consult the vendor's website for more information and updates.
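The two checks this advisory asks for, "check your plugin version" and "compare it against the fixed version", are easy to get wrong when versions are compared as strings or floats (241114 is below 241114.0.1, and 241114.10 is above 241114.9). The following Python script is an added example, not code from the advisory or from WP Sharks: it reads the `Version:` line from a WordPress plugin header, compares it component by component against the fixed version 241114.0.1 stated above, and reports whether the install is in the affected range. The plugin path `wp-content/plugins/s2member-pro/s2member-pro.php` is an assumption about where the plugin's main file lives; the header text used for the demo is constructed.

```python
import re
from pathlib import Path
from typing import Optional, Tuple

# Fixed version from the advisory; anything below it is in the affected range.
FIXED_VERSION = "241114.0.1"

# Assumed location of the plugin's main file (hypothetical; adjust to your install).
PLUGIN_MAIN_FILE = Path("wp-content/plugins/s2member-pro/s2member-pro.php")

# Matches the "Version:" line of a WordPress plugin header comment block.
_HEADER_RE = re.compile(
    r"^\s*\*?\s*Version:\s*(?P<v>[0-9][0-9A-Za-z.\-]*)\s*$", re.MULTILINE
)


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '241114.0.1' into (241114, 0, 1); a non-numeric piece ends parsing."""
    parts = []
    for piece in v.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 like strcmp, but comparing numerically per component.
    Missing trailing components count as 0, so '241114' equals '241114.0.0'."""
    ta, tb = parse_version(a), parse_version(b)
    n = max(len(ta), len(tb))
    ta += (0,) * (n - len(ta))
    tb += (0,) * (n - len(tb))
    return (ta > tb) - (ta < tb)


def is_vulnerable(installed: str) -> bool:
    """True when the installed version is strictly below the fixed version."""
    return compare_versions(installed, FIXED_VERSION) < 0


def version_from_header(plugin_source: str) -> Optional[str]:
    """Extract the Version value from plugin file contents, or None if absent."""
    m = _HEADER_RE.search(plugin_source)
    return m.group("v") if m else None


def check_plugin_file(path: Path = PLUGIN_MAIN_FILE) -> dict:
    """Inspect an on-disk plugin file; a missing file or header is reported, not guessed."""
    if not path.is_file():
        return {"installed": None, "vulnerable": None, "note": "plugin not found"}
    v = version_from_header(path.read_text(errors="replace"))
    if v is None:
        return {"installed": None, "vulnerable": None, "note": "no Version header"}
    return {"installed": v, "vulnerable": is_vulnerable(v), "note": ""}


# Constructed sample header in WordPress plugin-header format (not the real plugin file).
SAMPLE_HEADER = """<?php
/*
Plugin Name: s2Member Pro (sample)
Version: 241114
*/
"""

if __name__ == "__main__":
    v = version_from_header(SAMPLE_HEADER)
    print(v, "vulnerable" if is_vulnerable(v) else "patched")
    print(check_plugin_file())
```

Run it from the WordPress root so the relative plugin path resolves; a `vulnerable: True` result means the install is at or below 241114 and needs the upgrade.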
CVE-2024-51815 is a critical Remote Code Execution vulnerability in the s2Member Pro WordPress plugin, allowing attackers to execute arbitrary code on the server.
You are affected if you are using s2Member Pro versions less than or equal to 241114. Check your plugin version and upgrade immediately.
Upgrade to version 241114.0.1 or later to resolve the vulnerability. If an immediate upgrade is not possible, monitor logs closely as an interim measure until you can upgrade.
While no active campaigns are confirmed, the CRITICAL severity and ease of exploitation suggest a high probability of exploitation.
Refer to the WP Sharks website and WordPress plugin repository for the official advisory and update information.