Platform
wordpress
Component
exclusive-content-password-protect
Fixed in
1.1.1
CVE-2024-52402 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in Cliconomics Exclusive Content Password Protect. This vulnerability allows an attacker to upload a web shell to a web server, leading to potential remote code execution. The vulnerability affects versions of the plugin from n/a up to and including 1.1.0. A patch has been released in version 1.1.1.
The primary impact of CVE-2024-52402 is the ability for an attacker to upload arbitrary files, specifically web shells, to the WordPress server. A web shell provides a malicious actor with a command-and-control interface, enabling them to execute arbitrary code on the server. This could lead to complete compromise of the WordPress site, including data exfiltration, defacement, and further attacks against the underlying infrastructure. The attacker could potentially gain access to sensitive data stored within the WordPress database or use the compromised server as a launchpad for attacks against other systems on the network. The ease of exploitation via CSRF significantly increases the risk.
CVE-2024-52402 was publicly disclosed on 2024-11-19. While no active exploitation campaigns have been definitively confirmed, the CRITICAL severity and ease of exploitation via CSRF suggest a high probability of exploitation. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept code is likely to emerge given the vulnerability's nature and severity.
WordPress websites utilizing the Exclusive Content Password Protect plugin, particularly those running versions prior to 1.1.1, are at significant risk. Shared hosting environments are especially vulnerable as they often lack granular control over plugin configurations and file permissions. Sites with weak CSRF protection or inadequate input validation on file upload endpoints are also at heightened risk.
• wordpress / composer / npm:
  wp plugin list | grep 'exclusive-content-password-protect'
• wordpress / composer / npm:
  wp plugin update --all
• wordpress / composer / npm:
  grep -r 'upload_dir' /var/www/html/wp-content/plugins/exclusive-content-password-protect/
• generic web: Check for unusual files in the WordPress uploads directory (wp-content/uploads) using file system scans or security monitoring tools.
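The last detection item above, scanning wp-content/uploads for files that should never be there, as an added shell example that is not from the original page or the plugin vendor. The sample tree is constructed, and the extension list and PHP open-tag check are assumed heuristics a production scanner would extend.

```shell
#!/bin/sh
# Scan a WordPress uploads tree for files a media directory should never hold:
# anything with a PHP-executable extension, or an "image"/"text" file whose
# first bytes are a PHP open tag. Prints one path per line; nothing when clean.
scan_uploads() {
    dir="$1"
    # 1. Executable extensions anywhere under uploads. Double extensions such as
    #    "photo.jpg.php" end in .php and are caught here as well.
    find "$dir" -type f \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.php[3-8]' \
        -o -iname '*.phar' -o -iname '*.phps' \) 2>/dev/null
    # 2. Harmless-looking extensions whose content begins with a PHP tag
    #    (the classic "web shell disguised as an image" case).
    find "$dir" -type f \( -iname '*.jpg' -o -iname '*.jpeg' -o -iname '*.png' \
        -o -iname '*.gif' -o -iname '*.ico' -o -iname '*.txt' \) 2>/dev/null |
    while IFS= read -r f; do
        if head -c 64 "$f" | grep -q '<?php'; then
            printf '%s\n' "$f"
        fi
    done
}

# Number of flagged paths; useful as an alerting threshold (expected: 0).
count_findings() {
    scan_uploads "$1" | wc -l | tr -d ' '
}

# Constructed sample tree (not real findings) so the scanner runs offline.
make_sample_uploads() {
    base=$(mktemp -d)
    mkdir -p "$base/2024/11"
    printf '\211PNG\r\n\032\n' > "$base/2024/11/logo.png"    # genuine PNG header
    printf 'GIF89a' > "$base/2024/11/banner.gif"             # genuine GIF header
    printf 'hello' > "$base/2024/11/notes.txt"               # ordinary text file
    printf '<?php echo 1; ?>' > "$base/2024/11/cache.php"    # PHP where only media belongs
    printf '<?php echo 2; ?>' > "$base/2024/11/photo.jpg"    # PHP hiding behind a .jpg name
    printf '%s' "$base"
}

SAMPLE=$(make_sample_uploads)
echo "Flagged under $SAMPLE:"
scan_uploads "$SAMPLE" | sort
rm -rf "$SAMPLE"
```

On a live site, point scan_uploads at wp-content/uploads and feed its output to your monitoring rather than relying on manual review.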
disclosure
Exploit status
EPSS
9.01% (percentile 93%)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-52402 is to immediately upgrade to version 1.1.1 or later of the Exclusive Content Password Protect plugin. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing stricter input validation and sanitization on file upload endpoints. While not a complete solution, a Web Application Firewall (WAF) configured to block suspicious file uploads and CSRF attacks can provide an additional layer of defense. Regularly review WordPress plugin permissions and restrict access to sensitive files and directories.
Update the Exclusive Content Password Protect plugin to the latest available version. The vulnerability allows arbitrary file upload, which could compromise the security of the website. The update fixes the CSRF vulnerability that enables this action.
CVE-2024-52402 is a critical Cross-Site Request Forgery (CSRF) vulnerability in Cliconomics Exclusive Content Password Protect allowing attackers to upload web shells, potentially leading to remote code execution.
You are affected if you are using Exclusive Content Password Protect versions from n/a through 1.1.0. Check your plugin version immediately.
Upgrade to version 1.1.1 or later of the Exclusive Content Password Protect plugin. If immediate upgrade is not possible, implement temporary mitigations like WAF rules and stricter input validation.
While no confirmed active exploitation campaigns are currently known, the CRITICAL severity and ease of exploitation suggest a high probability of exploitation.
Refer to the Cliconomics website and WordPress plugin repository for the official advisory and update information.