WordPress SSV Events プラグイン <= 3.2.7 - ローカルファイルインクルージョンによる RCE 脆弱性

The vulnerability allows an attacker to include arbitrary files on the server, leading to complete system compromise. By crafting malicious requests, an attacker can read sensitive configuration files, execute arbitrary code, and potentially gain persistent access to the WordPress environment. This could result in data theft, website defacement, or the installation of malware. The impact is particularly severe due to the plugin's potential access to sensitive event data and user information.

WordPress sites utilizing the Moridrin SSV Events plugin, particularly those running versions 3.2.7 or earlier, are at significant risk. Shared hosting environments where plugin updates are managed centrally are also vulnerable, as are sites with weak file permission configurations.

• wordpress / composer / npm:

grep -r "../../" /var/www/html/wp-content/plugins/ssv-events/

• generic web:

curl -I 'http://your-wordpress-site.com/wp-content/plugins/ssv-events/../../../../etc/passwd'

• wordpress / composer / npm:

wp plugin list --status=inactive | grep ssv-events

1. 2024-10-20Disclosure

   disclosure

1. 予約済み2024-10-14
2. 公開日2024-10-20
3. 更新日2024-10-21
4. EPSS 更新日2026-04-02

The primary mitigation is to immediately upgrade the Moridrin SSV Events plugin to version 3.2.8 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider restricting file access permissions on the server to limit the potential impact of the vulnerability. Implement a Web Application Firewall (WAF) with rules to block attempts to include files outside the designated directory. Monitor WordPress logs for suspicious file inclusion attempts, specifically looking for unusual file paths in requests. After upgrading, verify the fix by attempting a file inclusion request and confirming that it is blocked.