Platform
wordpress
Component
exclusive-content-password-protect
Fixed in
1.1.1
CVE-2024-52402 describes a Cross-Site Request Forgery (CSRF) vulnerability in the Cliconomics Exclusive Content Password Protect WordPress plugin. A request forged from an attacker-controlled page and issued by the browser of a logged-in user with sufficient rights can upload an arbitrary file, including a web shell, to the web server, which can lead to remote code execution. The vulnerability affects versions of the plugin from n/a up to and including 1.1.0. A patch has been released in version 1.1.1.
The primary impact of CVE-2024-52402 is that an attacker can get arbitrary files, specifically web shells, written to the WordPress server. A web shell gives the attacker a browser-reachable interface for executing commands on the server, which can lead to complete compromise of the WordPress site: data exfiltration, defacement, and further attacks against the underlying infrastructure. The attacker can read sensitive data held in the WordPress database (credentials in wp-config.php, user password hashes, private content) or use the compromised server as a launchpad against other systems on the network. Because the flaw is CSRF, the attacker needs no credentials of their own; the only precondition is that a user who is logged in with the rights the upload handler accepts visits a page the attacker controls, and that is a low barrier on a site with several administrators or editors.
CVE-2024-52402 was publicly disclosed on 2024-11-19. No active exploitation campaigns have been confirmed, but the CRITICAL severity and the low barrier to exploitation make exploitation likely once details circulate. The vulnerability is not currently listed in the CISA KEV catalog. Public proof-of-concept code is likely to emerge given the vulnerability's nature and severity; a working exploit for this bug class is a single auto-submitting HTML form.
Exploit Status
EPSS
9.01% (93rd percentile)
The primary mitigation for CVE-2024-52402 is to upgrade immediately to version 1.1.1 or later of the Exclusive Content Password Protect plugin. If upgrading is not immediately feasible because of compatibility issues or breaking changes, deactivate the plugin until it can be updated: a site operator cannot reliably retrofit the missing request and capability checks into a third-party plugin's upload handler, so "stricter input validation" is not something the site owner can apply from outside. A Web Application Firewall (WAF) adds a partial layer of defense: rules that reject multipart uploads whose filenames end in .php, .phtml or .phar, and that drop state-changing requests to admin-ajax.php or admin-post.php whose Origin or Referer header does not match the site, raise the cost of exploitation but do not remove the flaw. Independently of this CVE, configure the web server to refuse PHP execution under wp-content/uploads, audit that directory for unexpected .php files, and keep the set of administrator and editor accounts small, since CSRF needs one of those users to be lured to a malicious page.
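To make the bug class concrete, the following is an added, illustrative example written for this page; it is not the code of the Exclusive Content Password Protect plugin or of its patch, and the action names (ecpp_demo_upload_vuln, ecpp_demo_upload_safe), the nonce action string and the script name demo.js are assumptions. It places a minimal admin-ajax upload handler that is vulnerable to CSRF beside the hardened form with the three checks a fix for this class needs: a nonce (the CSRF defense), a capability check (authorization), and a file-type allow-list (so that even an authorized upload cannot plant a web shell).

```php
<?php
// Added example for this page; illustrative WordPress plugin code, NOT the
// Exclusive Content Password Protect plugin or its patch. Action names, the nonce
// action string and demo.js are assumptions.

// --- Vulnerable pattern -------------------------------------------------------
// An admin-ajax action that writes the uploaded file to disk with no nonce check,
// no capability check and no file-type restriction. The only thing tying the
// request to a user is the victim's login cookie, which the browser attaches to a
// cross-site POST automatically. An attacker-controlled page can therefore
// auto-submit a multipart form to /wp-admin/admin-ajax.php?action=ecpp_demo_upload_vuln
// and have shell.php land in the uploads directory (CSRF -> arbitrary file upload).
add_action( 'wp_ajax_ecpp_demo_upload_vuln', 'ecpp_demo_upload_vuln' );
function ecpp_demo_upload_vuln() {
    $upload_dir = wp_upload_dir();
    $dest       = $upload_dir['basedir'] . '/' . basename( $_FILES['file']['name'] ); // "shell.php" accepted
    move_uploaded_file( $_FILES['file']['tmp_name'], $dest );
    wp_send_json_success( array( 'path' => $dest ) );
}

// --- Hardened pattern ---------------------------------------------------------
add_action( 'wp_ajax_ecpp_demo_upload_safe', 'ecpp_demo_upload_safe' );
function ecpp_demo_upload_safe() {
    // 1. CSRF: the request must carry a nonce bound to this user and this action.
    //    A page on another origin cannot read the nonce, so a forged request dies
    //    here (check_ajax_referer() responds -1 / HTTP 403 and stops execution).
    check_ajax_referer( 'ecpp_demo_upload', 'nonce' );

    // 2. Authorization: the cookie proves who the user is, the nonce proves intent;
    //    neither proves the user is allowed to upload. Check the capability as well.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    if ( empty( $_FILES['file'] ) || UPLOAD_ERR_OK !== $_FILES['file']['error'] ) {
        wp_send_json_error( 'no file uploaded', 400 );
    }

    // 3. File-type allow-list: wp_handle_upload() checks the extension and sniffed
    //    MIME type against the allowed list, so .php/.phtml/.phar are rejected. The
    //    'mimes' override narrows the default list to what this feature needs.
    $allowed = array(
        'pdf'      => 'application/pdf',
        'png'      => 'image/png',
        'jpg|jpeg' => 'image/jpeg',
    );
    $result = wp_handle_upload(
        $_FILES['file'],
        array(
            'test_form' => false, // we are not using the core media form
            'mimes'     => $allowed,
        )
    );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }
    wp_send_json_success( array( 'url' => esc_url_raw( $result['url'] ) ) );
}

// The legitimate client obtains the nonce from a page WordPress rendered for that
// user and sends it with the upload; here it is handed to the front-end script.
add_action( 'admin_enqueue_scripts', 'ecpp_demo_enqueue' );
function ecpp_demo_enqueue() {
    wp_enqueue_script( 'ecpp-demo', plugins_url( 'demo.js', __FILE__ ), array(), '1.0', true );
    wp_localize_script(
        'ecpp-demo',
        'ecppDemo',
        array(
            'ajaxUrl' => admin_url( 'admin-ajax.php' ),
            'nonce'   => wp_create_nonce( 'ecpp_demo_upload' ),
        )
    );
}
```

Two points a reviewer of a patch for this CVE would check: first, the nonce check and the capability check are independent, and a fix that adds only the nonce still lets any logged-in subscriber upload if the handler is also registered on wp_ajax_nopriv_ or lacks current_user_can(); second, the file-type restriction is what turns "arbitrary file upload" into "upload of a harmless document", so a fix that only adds the nonce leaves an authorized-but-dangerous upload path in place.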
Update the Exclusive Content Password Protect plugin to the latest available version. The vulnerability allows for arbitrary file uploads, which could compromise the security of the website. The update fixes the CSRF vulnerability that enables this action.
CVE-2024-52402 is a critical Cross-Site Request Forgery (CSRF) vulnerability in Cliconomics Exclusive Content Password Protect allowing attackers to upload web shells, potentially leading to remote code execution.
You are affected if you are using Exclusive Content Password Protect versions from n/a through 1.1.0. Check the installed version immediately, in the WordPress admin under Plugins → Installed Plugins, or from the command line with WP-CLI: wp plugin get exclusive-content-password-protect --field=version
Upgrade to version 1.1.1 or later of the Exclusive Content Password Protect plugin. If immediate upgrade is not possible, implement temporary mitigations like WAF rules and stricter input validation.
While no confirmed active exploitation campaigns are currently known, the CRITICAL severity and the low barrier to exploitation (the attacker needs no credentials, only a logged-in privileged user who visits a crafted page) suggest a high probability of exploitation.
Refer to the Cliconomics website and WordPress plugin repository for the official advisory and update information.