Platform
wordpress
Component
git-sync
Fixed in
1.1.1
CVE-2024-54368 describes a Remote Code Execution (RCE) vulnerability within the GitSync WordPress plugin. This vulnerability, stemming from a Cross-Site Request Forgery (CSRF) flaw, allows attackers to inject and execute malicious code. Versions of GitSync up to and including 1.1.0 are affected, and a patch is available in version 1.1.1.
The impact of this RCE vulnerability is severe. An attacker can leverage a CSRF request to inject arbitrary code into the GitSync plugin, effectively gaining complete control over the WordPress site. This could lead to data breaches, website defacement, malware installation, and potential compromise of the entire server infrastructure. The attacker could steal sensitive user data, modify website content, or use the compromised site as a launchpad for further attacks against other systems on the network. Given the plugin's functionality, access to Git repositories could also be compromised.
CVE-2024-54368 was publicly disclosed on December 16, 2024. While no public proof-of-concept (PoC) code has been widely released, the severity of the vulnerability and the ease of exploitation via CSRF suggest a high probability of exploitation. The vulnerability is not currently listed on CISA KEV, but its CRITICAL CVSS score warrants close monitoring. Active campaigns targeting WordPress plugins are common, so vigilance is advised.
Exploit Status
EPSS
0.11% (29% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-54368 is to immediately upgrade the GitSync plugin to version 1.1.1 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing a Web Application Firewall (WAF) rule to block suspicious CSRF requests targeting the GitSync plugin's endpoints. Carefully review and restrict user permissions within the WordPress environment to limit the potential impact of a successful attack. Monitor WordPress logs for unusual activity, particularly requests containing potentially malicious code.
Update the GitSync plugin to a version later than 1.1.0. This will fix the CSRF vulnerability that allows remote code execution. The update can be performed from the WordPress admin panel, in the plugins section.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-54368 is a critical Remote Code Execution vulnerability in the GitSync WordPress plugin, allowing attackers to execute arbitrary code through a CSRF flaw.
Yes, if you are using GitSync version 1.1.0 or earlier, you are affected by this vulnerability.
Upgrade the GitSync plugin to version 1.1.1 or later to resolve the vulnerability. Consider WAF rules as a temporary workaround.
While no public exploits are widespread, the high severity and ease of exploitation suggest a high probability of active exploitation.
Refer to the official GitSync plugin documentation and WordPress security announcements for the latest advisory information.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.