Platform
wordpress
Component
file-manager
Fixed in
6.5.6
CVE-2024-7627 is a Remote Code Execution (RCE) vulnerability in the Bit File Manager plugin for WordPress. The plugin's 'checkSyntax' function writes a temporary file into a publicly accessible directory before validating it, so an unauthenticated attacker can execute arbitrary code on the server when the administrator has granted Guest User read permissions in the plugin. Versions 6.0 through 6.5.5 are affected; version 6.5.6 fixes the issue, and upgrading is the recommended remediation.
The impact of this vulnerability is significant. An attacker who achieves remote code execution on a WordPress server can gain full control of the system, which opens the way to data theft, website defacement, malware installation, and use of the server as a launchpad against other systems on the network. The Guest User read permission is a precondition that limits the immediate scope, but it is a setting administrators often enable for convenience, so the exposed population is still substantial.
This vulnerability was publicly disclosed on 2024-09-05. No active exploitation campaigns have been definitively confirmed, but the vulnerability is simple to trigger once the Guest User precondition holds, and the plugin's popularity makes exploitation likely. No Proof of Concept (PoC) code had been publicly released as of this writing, though the nature of the flaw makes it likely that PoCs will emerge. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS
28.56% (97th percentile)
CISA SSVC
CVSS Vector
The primary mitigation is to upgrade the Bit File Manager plugin to 6.5.6 or later. If an immediate upgrade is not possible because of compatibility issues or breaking changes, temporarily remove the Guest User read permission in the plugin's settings; without that permission the unauthenticated path to 'checkSyntax' is closed. A Web Application Firewall (WAF) can be configured to block requests that target the vulnerable 'checkSyntax' function. Monitor web server access logs for suspicious activity, in particular requests for PHP files in publicly accessible directories such as the uploads tree, which is where a temporary file written by the vulnerable code would be reached from the outside. After upgrading, confirm the fix by checking that the installed plugin version is 6.5.6 or later (for example from the plugin's header or with `wp plugin list`) rather than by sending a malicious payload to a production site.
Update the Bit File Manager plugin to the latest available version. This resolves the Remote Code Execution vulnerability.
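The version check and the log triage described above, as an added example that is not part of this advisory or of the plugin's own code. It reads the plugin version from the standard WordPress plugin header and compares it with the affected range, then scans combined-format access log lines for two indicators: a request target containing the string 'checkSyntax', and a request for a .php file under wp-content/uploads. The uploads location, the `action=checkSyntax` query shape and the sample log lines are constructed assumptions for illustration; the plugin's real AJAX action name is not given on this page.

```python
import re
from typing import List, Tuple

# Affected range from the advisory: 6.0 through 6.5.5, fixed in 6.5.6.
FIRST_AFFECTED = (6, 0, 0)
FIXED_IN = (6, 5, 6)

# Every WordPress plugin declares its version in a "Version:" line inside the
# header comment of its main PHP file; this is the standard header format.
_VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9]+(?:\.[0-9]+)*)", re.MULTILINE)


def parse_version(plugin_header: str) -> Tuple[int, int, int]:
    """Extract the plugin version from a plugin header as a 3-tuple of ints."""
    m = _VERSION_RE.search(plugin_header)
    if not m:
        raise ValueError("no Version: line found in plugin header")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))          # "6.0" -> (6, 0, 0)
    return tuple(parts[:3])


def is_vulnerable(version: Tuple[int, int, int]) -> bool:
    """True if the installed version lies in the advisory's affected range."""
    return FIRST_AFFECTED <= version < FIXED_IN


# Apache/Nginx combined log format: the request line is the first quoted field.
_REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')

# Assumption: the plugin's temporary file lands under wp-content/uploads. A
# request for any .php file under that tree is suspicious on a WordPress site
# regardless of this CVE, so it is a safe generic indicator.
_PHP_UNDER_UPLOADS = re.compile(r"/wp-content/uploads/.*\.php(\?|$)", re.IGNORECASE)


def flag_suspicious(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (reason, request_target) pairs for requests worth triaging."""
    hits = []
    for line in log_lines:
        m = _REQ_RE.search(line)
        if not m:
            continue
        target = m.group("target")
        if "checkSyntax" in target:
            hits.append(("checkSyntax request", target))
        elif _PHP_UNDER_UPLOADS.search(target):
            hits.append(("php under uploads", target))
    return hits


# Constructed sample input (not real site data).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Bit File Manager
 * Version: 6.5.5
 */
"""

SAMPLE_LOG = [
    '203.0.113.5 - - [05/Sep/2024:10:01:02 +0000] "GET /wp-login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    # Assumed request shape; the real AJAX action name for checkSyntax is not on the page.
    '203.0.113.5 - - [05/Sep/2024:10:01:09 +0000] "POST /wp-admin/admin-ajax.php?action=checkSyntax HTTP/1.1" 200 88 "-" "python-requests/2.31"',
    '203.0.113.5 - - [05/Sep/2024:10:01:10 +0000] "GET /wp-content/uploads/tmp_a1b2c3.php?cmd=id HTTP/1.1" 200 64 "-" "python-requests/2.31"',
    '198.51.100.7 - - [05/Sep/2024:10:02:00 +0000] "GET /wp-content/uploads/2024/09/logo.png HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    v = parse_version(SAMPLE_HEADER)
    print("installed", ".".join(map(str, v)), "vulnerable:", is_vulnerable(v))
    for reason, target in flag_suspicious(SAMPLE_LOG):
        print(f"[{reason}] {target}")
```

Point `parse_version` at the plugin's main PHP file to check an installation, and feed `flag_suspicious` real access log lines; the checkSyntax match is a plain substring test on the request target, so a POST whose parameters travel only in the body will not be caught by access logs alone and needs a WAF or request-body log.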
CVE-2024-7627 is a Remote Code Execution vulnerability in the Bit File Manager plugin for WordPress versions 6.0–6.5.5, allowing attackers to execute code on the server.
You are affected if you are using Bit File Manager versions 6.0 through 6.5.5 and have Guest User read permissions enabled.
Upgrade the Bit File Manager plugin to 6.5.6 or later. As a temporary workaround, remove the Guest User read permission in the plugin's settings.
While no active exploitation campaigns have been confirmed, the vulnerability's ease of exploitation suggests a high probability of exploitation.
Refer to the Bit File Manager plugin's official website or WordPress plugin repository for the latest advisory and update information.