Platform
wordpress
Component
homey
Fixed in
2.4.3
CVE-2024-12281 is a privilege escalation vulnerability in the Homey WordPress plugin. It lets an unauthenticated attacker bypass the intended access controls and obtain a privileged role. All versions of Homey up to and including 2.4.2 are affected; the fix ships in 2.4.3, available through a normal plugin update.
The flaw sits in the account registration process. In vulnerable versions, Homey accepts a role name from the registrant and applies it without checking that the role may be self-assigned, so a new account can be created directly as Editor or Shop Manager. Neither role is Administrator, but both are far beyond what self-registration should grant: an Editor can publish, edit and delete any post or page (and, on single-site installs, holds unfiltered_html, which makes stored JavaScript in content a realistic path to an administrator's session); a Shop Manager (WooCommerce) can manage products, orders and customer records. The blast radius is everything those roles can reach, including customer data in the WordPress database, plus whatever further escalation the site's other plugins allow from those roles.
CVE-2024-12281 was publicly disclosed on 2025-03-05. No public proof-of-concept code has been released, but exploitation needs nothing more than a registration request that names a privileged role, so opportunistic scanning should be expected. The severity is critical (CVSS 9.8); the EPSS score of 0.48% (65th percentile) nonetheless puts the estimated probability of exploitation in the medium range. It is not listed in the CISA KEV catalog.
Sites running Homey with self-registration enabled, whether through the WordPress "Anyone can register" setting or a front-end registration form, are the primary targets, since the attacker needs no existing account. On shared hosting, where several WordPress installations run under one account or file-system user, a compromise of one site can also expose neighbouring sites that run the same vulnerable plugin.
• wordpress / composer / npm (detect the vulnerable code path in the installed copy):
  grep -r 'wp_set_role\(\"$wp_user->roles\",' /var/www/html/wp-content/plugins/homey/*
• wordpress / composer / npm (confirm Homey is installed and active):
  wp plugin list --status=active | grep homey
• wordpress / composer / npm (remediate):
  wp plugin update homey
Exploit Status
EPSS
0.48% (65th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-12281 is to update the Homey plugin to 2.4.3 or later immediately. If the upgrade cannot be applied right away because of compatibility or theme-customisation concerns, restrict self-registration in the meantime: either disable public registration entirely, or force every newly registered account onto the site's default role regardless of what the request asked for. A Web Application Firewall rule that drops registration requests carrying a privileged role name is a further stopgap, not a substitute for the patch. Review the user list for Editor and Shop Manager accounts created since the vulnerable version was installed and remove any that were not provisioned by an administrator. After upgrading, verify the fix by registering a test account through the public flow while supplying a privileged role, confirming that the resulting account holds only the default role, and then deleting the test account.
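The registration path described above and the "restrict registration roles" workaround, as an added example that is not Homey's code and not part of the original page: a must-use plugin that forces any self-registered account back onto the site's default role whenever the request behind it had no authority to hand out roles. All names prefixed rrg_ are hypothetical, the one-role allowlist is an assumption to adjust per site, and the vulnerable sketch in the header comment is an illustration of the pattern the advisory describes, not Homey's actual source.

```php
<?php
/**
 * Plugin Name: Registration Role Guard (added example, not part of Homey)
 * Description: Temporary hardening against self-registration role escalation.
 *              Drop this file into wp-content/mu-plugins/ so it loads before the
 *              theme and ordinary plugins; remove it once Homey is on 2.4.3+.
 */

/*
 * The pattern the advisory describes, sketched as a HYPOTHETICAL handler
 * (not Homey's source): the role comes straight from the registration
 * request and is handed to WordPress unchecked.
 *
 *   $role = sanitize_text_field($_POST['role'] ?? 'subscriber');
 *   $uid  = wp_insert_user(['user_login' => $login, 'user_email' => $email,
 *                           'user_pass'  => $pass,  'role'       => $role]);
 *
 * sanitize_text_field() is not authorization: 'editor' and 'shop_manager'
 * are perfectly well-formed strings and go through untouched.
 */

/** Roles a self-registered account may hold. Assumption: subscriber is enough;
 *  add any low-privilege front-end role the site intentionally hands out. */
const RRG_ALLOWED_SELF_ROLES = ['subscriber'];

/**
 * True when the current execution context may assign arbitrary roles:
 * a logged-in user who can create users, or a WP-CLI session.
 */
function rrg_context_may_assign_roles(): bool {
    if (defined('WP_CLI') && WP_CLI) {
        return true;
    }
    return is_user_logged_in() && current_user_can('create_users');
}

/** Roles in $roles that are not on the allowlist (pure, easy to unit-test). */
function rrg_disallowed_roles(array $roles): array {
    return array_values(array_diff($roles, RRG_ALLOWED_SELF_ROLES));
}

/**
 * Reset an account to the site default role if it picked up a privileged
 * role without an authorised context behind the request.
 */
function rrg_enforce(int $user_id): void {
    static $busy = false;               // re-entrancy guard: set_role() re-fires our hooks
    if ($busy || rrg_context_may_assign_roles()) {
        return;
    }
    $user = get_userdata($user_id);
    if (!$user instanceof WP_User) {
        return;
    }
    $bad = rrg_disallowed_roles($user->roles);
    if ($bad === []) {
        return;
    }
    $default = get_option('default_role', 'subscriber');
    $busy = true;
    // set_role() replaces every role the account holds, so the privileged
    // role is dropped outright rather than merely supplemented.
    $user->set_role($default);
    $busy = false;
    error_log(sprintf(
        '[rrg] user %d (%s) obtained disallowed role(s) %s without authority; reset to %s; ip=%s',
        $user_id, $user->user_login, implode(',', $bad), $default,
        $_SERVER['REMOTE_ADDR'] ?? 'n/a'
    ));
}

// Fires after wp_insert_user() has stored the account and its 'role' argument.
add_action('user_register', 'rrg_enforce', PHP_INT_MAX);
// Also fires when code calls WP_User::set_role()/add_role() later in the same
// request, which 'user_register' alone would miss.
add_action('set_user_role', 'rrg_enforce', PHP_INT_MAX);
add_action('add_user_role', 'rrg_enforce', PHP_INT_MAX);
```

Two caveats before deploying it. First, anything that legitimately changes roles without a logged-in administrator (membership or payment webhooks, cron jobs) will also be reverted, so extend RRG_ALLOWED_SELF_ROLES or the context check for those cases. Second, the guard is a stopgap: confirm the installed version with `wp plugin get homey --field=version` and apply the update. For the audit step, `wp user list --role=editor --fields=ID,user_login,user_email,user_registered` (and the same with `--role=shop_manager`) lists the accounts to review, with user_registered showing which ones appeared while the vulnerable version was live.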
Update the Homey theme to the latest available version. This fixes the privilege escalation vulnerability that allows unauthenticated users to obtain the Editor or Shop Manager role.
CVE-2024-12281 is a critical (CVSS 9.8) vulnerability in the Homey WordPress plugin that lets unauthenticated attackers obtain elevated privileges by registering accounts with the Editor or Shop Manager role.
If you are running Homey version 2.4.2 or earlier, you are affected. Check the installed version and update immediately.
Update the Homey plugin to the latest available version. If upgrading is not immediately possible, restrict the roles available at registration (or disable public registration) as a temporary workaround.
No public exploit code is currently known, but the vulnerability's severity and the trivial effort required to exploit it put the probability of exploitation in the medium range.
Refer to the plugin developer's website or the WordPress plugin repository for the latest advisory and update information.