Platform
wordpress
Component
user-extra-fields
Fixed in
16.6.1
CVE-2024-11150 is a critical vulnerability in the WordPress User Extra Fields plugin that allows arbitrary file deletion. The flaw stems from insufficient file path validation in the plugin's delete_tmp_uploaded_file() function. Successful exploitation can lead to remote code execution, particularly if a critical configuration file such as wp-config.php is deleted. Plugin versions up to and including 16.6 are affected.
The impact of CVE-2024-11150 is severe. An unauthenticated attacker can leverage this vulnerability to delete any file accessible to the webserver user. The most concerning scenario involves deleting wp-config.php, which contains sensitive database credentials and configuration settings. Deletion of this file effectively compromises the entire WordPress installation, granting the attacker complete control over the server. Furthermore, deletion of other critical system files could lead to denial of service or further exploitation opportunities. This vulnerability shares similarities with other file deletion vulnerabilities where the attacker gains control by manipulating file paths.
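The root cause described above is a deletion routine that trusts a caller-supplied path. The following PHP is an added illustration of the defensive pattern, not the plugin's own code: the file name is restricted to a bare name, the path is canonicalised with realpath(), and the result is checked to lie inside a fixed temporary-upload directory before unlink() runs. The function names, the directory layout and the test inputs are constructed for this example.

```php
<?php
// Added illustration (not the plugin's code): a deletion helper that only
// removes regular files inside one fixed temporary-upload directory.
// Function names, directory layout and inputs are assumptions for this example.

/**
 * Resolve $requested against $baseDir and return the canonical path only if it
 * names an existing regular file located inside $baseDir. Returns null otherwise.
 */
function resolve_tmp_upload_path(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null; // the base directory itself must exist
    }
    // Accept only a bare file name: no directory separators, no NUL bytes.
    // (realpath() on PHP 8 throws on NUL bytes, so this check comes first.)
    if ($requested === '' || strpbrk($requested, "/\\\0") !== false) {
        return null;
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null; // missing, a directory, or a dangling symlink
    }
    // Containment check after canonicalisation: realpath() follows symlinks,
    // so a link pointing outside $baseDir resolves outside and is rejected here.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

/**
 * Delete a temporary upload by name. Returns true only when a file inside
 * $baseDir was actually removed.
 */
function delete_tmp_upload_safely(string $baseDir, string $requested): bool
{
    $path = resolve_tmp_upload_path($baseDir, $requested);
    if ($path === null) {
        return false;
    }
    return unlink($path);
}

// --- self-check against a constructed directory layout ---
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'uef-demo-' . bin2hex(random_bytes(4));
$tmp  = $root . DIRECTORY_SEPARATOR . 'tmp';
mkdir($tmp, 0700, true);
file_put_contents($tmp . DIRECTORY_SEPARATOR . 'upload.txt', 'temporary upload');
file_put_contents($root . DIRECTORY_SEPARATOR . 'wp-config.php', '<?php // must survive');

$cases = [
    'upload.txt'       => true,  // legitimate temporary file inside tmp
    '../wp-config.php' => false, // traversal out of the tmp directory
    'wp-config.php'    => false, // no such file inside tmp
    "upload.txt\0"     => false, // NUL byte in the name
    '/etc/passwd'      => false, // absolute path
];
foreach ($cases as $name => $expected) {
    $result = delete_tmp_upload_safely($tmp, $name);
    printf("%-20s -> %-5s (expected %s)\n",
        addcslashes($name, "\0"), var_export($result, true), var_export($expected, true));
}
// The configuration file outside tmp must still be present after the run.
var_dump(file_exists($root . DIRECTORY_SEPARATOR . 'wp-config.php'));

// Clean up the constructed layout.
@unlink($tmp . DIRECTORY_SEPARATOR . 'upload.txt');
unlink($root . DIRECTORY_SEPARATOR . 'wp-config.php');
rmdir($tmp);
rmdir($root);
```

Run it with `php example.php`; only the first case deletes anything, and the final `var_dump` prints `bool(true)`. In a real WordPress handler this helper would sit behind the usual authorisation and nonce checks (`current_user_can()` and `check_ajax_referer()`), so that an unauthenticated request never reaches the deletion code at all; the containment check is the second layer that holds even if the first is misconfigured.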
CVE-2024-11150 was publicly disclosed on November 13, 2024. The vulnerability's ease of exploitation and potential for remote code execution suggest a medium probability of exploitation. Public proof-of-concept (PoC) code is likely to emerge, increasing the risk. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
WordPress websites using the User Extra Fields plugin, particularly those still running affected versions (16.6 and earlier), are at significant risk. Shared hosting environments are especially exposed, as they often have limited access controls and a high concentration of vulnerable WordPress installations. Websites with legacy configurations or without robust security monitoring are also at increased risk.
• wordpress / composer / npm:
  grep -r 'delete_tmp_uploaded_file' /var/www/html/wp-content/plugins/user-extra-fields/
• generic web:
  curl -I https://your-wordpress-site.com/wp-content/uploads/tmp/some-file.txt  # check for file existence and access
• wordpress / composer / npm:
  wp plugin list --status=active | grep 'user-extra-fields'
• wordpress / composer / npm:
  wp plugin update user-extra-fields
Exploit Status
EPSS
24.42% (96th percentile)
CISA SSVC
CVSS-vector
The primary mitigation for CVE-2024-11150 is to upgrade the WordPress User Extra Fields plugin immediately to version 16.6.1 or later. If upgrading is not immediately feasible, a temporary workaround is to restrict the webserver user's write permissions on the upload directories so that the vulnerable routine cannot delete files. Additionally, add a Web Application Firewall (WAF) rule that blocks requests containing suspicious file paths or deletion attempts targeting temporary upload directories, and regularly review WordPress and webserver logs for unusual file deletion activity.
Update the WordPress User Extra Fields plugin to the latest available version. The vulnerability allows arbitrary file deletion, which can lead to remote code execution. The update corrects the insufficient validation of the file path in the delete_tmp_uploaded_file() function.
CVE-2024-11150 is a critical vulnerability in the WordPress User Extra Fields plugin allowing unauthenticated attackers to delete files, potentially leading to remote code execution.
You are affected if you are using WordPress User Extra Fields version 16.6 or earlier. Immediately check your plugin version and upgrade if necessary.
Upgrade the WordPress User Extra Fields plugin to a version higher than 16.6. If immediate upgrade is not possible, implement temporary workarounds like restricting file upload permissions and WAF rules.
While active exploitation is not yet confirmed, the vulnerability's severity and ease of exploitation suggest a high probability of exploitation. Monitor security advisories for updates.
Refer to the official WordPress User Extra Fields plugin website and the WordPress security announcements page for the latest advisory and updates.