Platform: wordpress
Component: maxi-blocks
Fixed in: 1.9.3
CVE-2024-6885 is an arbitrary file deletion vulnerability affecting the MaxiBlocks WordPress plugin. This vulnerability allows authenticated attackers with Subscriber-level access or higher to delete arbitrary files on the server, potentially leading to remote code execution. The vulnerability exists in versions of the plugin up to and including 1.9.2. A patch is available; users are strongly advised to upgrade.
The primary impact of CVE-2024-6885 is the ability for an authenticated attacker to delete arbitrary files on a WordPress server. While the vulnerability requires authentication (Subscriber role or higher), this is a relatively low barrier to entry for many WordPress installations. The most critical scenario involves deleting the wp-config.php file, which contains sensitive database credentials and configuration settings. Deletion of this file would effectively disable the WordPress site and potentially allow an attacker to gain control of the database. Other sensitive files, such as those containing API keys or private keys, could also be targeted. This vulnerability shares similarities with other file deletion vulnerabilities where the ultimate goal is to achieve remote code execution by manipulating critical system files.
CVE-2024-6885 was publicly disclosed on July 23, 2024. The vulnerability's ease of exploitation, combined with the widespread use of WordPress and the plugin, suggests a potential for active exploitation. There are currently no known public exploits or KEV listings for this CVE. The EPSS score is likely to be medium, given the relatively low authentication requirement and potential for significant impact.
Exploit Status
EPSS: 7.87% (92nd percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-6885 is to upgrade the MaxiBlocks plugin to a version higher than 1.9.2, where the vulnerability has been addressed. If immediate upgrading is not possible due to compatibility issues or breaking changes, consider restricting file permissions on the WordPress server to limit the attacker's ability to delete files. Implement a Web Application Firewall (WAF) with rules to block requests attempting to access or manipulate files outside of the intended directories. Regularly review WordPress plugin access levels to ensure that only necessary roles have file management privileges. After upgrading, confirm the fix by attempting to access the vulnerable endpoints with an authenticated user account and verifying that file deletion is prevented.
Update the MaxiBlocks plugin to the latest available version. The vulnerability that allows arbitrary file deletion has been fixed in versions later than 1.9.2. This prevents authenticated users with Subscriber privileges or higher from exploiting the vulnerability.
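Arbitrary file deletion of this kind is normally closed by two controls inside the plugin code: a capability check so that Subscriber-level accounts never reach the deletion handler, and confinement of the requested path to a directory the plugin owns. The following is an added illustration of such a hardened WordPress AJAX handler, not MaxiBlocks' own code; the action name, nonce name, `file` parameter and the `myplugin` upload subfolder are assumed names used only for the example.

```php
<?php
// Added example of a hardened file-deletion handler for a WordPress plugin.
// Not MaxiBlocks code: 'myplugin_delete_file', the nonce action, the 'file'
// parameter and the 'myplugin' upload subfolder are assumed names.

add_action( 'wp_ajax_myplugin_delete_file', 'myplugin_delete_file_handler' );

function myplugin_delete_file_handler() {
    // 1. Authorisation: only administrators may delete files. Without this
    //    check any logged-in user, including Subscribers, could reach the code.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 2. CSRF protection: the request must carry a valid nonce.
    check_ajax_referer( 'myplugin_delete_file_nonce', 'nonce' );

    // 3. Path confinement: resolve the user-supplied name inside our own folder.
    $requested = isset( $_POST['file'] ) ? wp_unslash( $_POST['file'] ) : '';
    $target    = myplugin_resolve_deletable_path( $requested );
    if ( null === $target ) {
        wp_send_json_error( 'invalid file', 400 );
    }

    wp_delete_file( $target );
    wp_send_json_success( basename( $target ) );
}

/**
 * Returns the absolute path of $name inside wp-content/uploads/myplugin/, or
 * null if the name is not a bare file name, does not exist as a regular file,
 * or resolves (via '..' or a symlink) to anything outside that folder.
 */
function myplugin_resolve_deletable_path( $name ) {
    // Only bare file names are accepted: no slashes, backslashes or NUL bytes.
    if ( '' === $name || preg_match( '#[/\\\\\x00]#', $name ) ) {
        return null;
    }
    $upload = wp_upload_dir();
    $base   = realpath( trailingslashit( $upload['basedir'] ) . 'myplugin' );
    if ( false === $base ) {
        return null;
    }
    // realpath() follows symlinks, so the result must still start with $base.
    $candidate = realpath( $base . DIRECTORY_SEPARATOR . $name );
    if ( false === $candidate || ! is_file( $candidate )
        || 0 !== strpos( $candidate, $base . DIRECTORY_SEPARATOR ) ) {
        return null;
    }
    return $candidate;
}
```

Because the handler never accepts directory components, a request naming `../../wp-config.php` is rejected before any filesystem call, and a symlink planted inside the folder that points outside it fails the `realpath()` prefix check.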
CVE-2024-6885 is a vulnerability allowing authenticated attackers to delete arbitrary files on a WordPress server through the MaxiBlocks plugin, potentially leading to remote code execution.
You are affected if you are using the MaxiBlocks plugin in versions 1.9.2 or earlier. Check your plugin version and upgrade immediately.
Upgrade the MaxiBlocks plugin to a version higher than 1.9.2. Consider implementing WAF rules and restricting file permissions as temporary mitigations.
While no active exploitation has been confirmed, the vulnerability's ease of exploitation suggests a potential for active campaigns. Monitor your systems closely.
Refer to the official MaxiBlocks plugin website or WordPress plugin repository for the latest security advisories and updates related to CVE-2024-6885.