Platform
wordpress
Component
wp-query-console
Fixed in
1.0.1
CVE-2024-50498 describes a Remote Code Execution (RCE) vulnerability within the WP Query Console WordPress plugin. This flaw allows attackers to inject arbitrary code, potentially leading to complete system compromise. The vulnerability impacts versions up to and including 1.0. A fix is pending, and users are advised to implement mitigation strategies until a patch is released.
The impact of this RCE vulnerability is severe. A successful exploit allows an attacker to execute arbitrary code on the affected WordPress server with the privileges of the webserver user. This could lead to complete website takeover, data exfiltration, malware installation, and further lateral movement within the network. Given the plugin's functionality (querying WordPress data), an attacker could leverage this to discover sensitive information about the website's database structure and content, aiding in further attacks. The ease of code injection significantly increases the risk of exploitation.
This vulnerability was publicly disclosed on 2024-10-28. No public proof-of-concept (POC) code has been released at the time of writing, but the RCE nature of the vulnerability makes it a high-priority target for exploitation. The EPSS score is likely to be high due to the ease of exploitation and the potential impact. It is recommended to monitor security advisories and threat intelligence feeds for any signs of active exploitation campaigns.
Websites using the WP Query Console plugin, particularly those running older versions (≤1.0), are at significant risk. Shared hosting environments are especially vulnerable as they often have limited security controls and a higher density of vulnerable plugins. WordPress sites with weak access controls to the plugin's administrative interface are also at increased risk.
• wordpress / composer / npm:
grep -r "eval(base64_decode" /var/www/html/wp-content/plugins/wp-query-console/
• generic web:
curl -I https://your-wordpress-site.com/wp-content/plugins/wp-query-console/ | grep -i 'X-Powered-By'
• wordpress / composer / npm:
wp plugin list | grep "wp-query-console"
Disclosure
Exploit Status
EPSS
91.90% (100% percentile)
CISA SSVC
CVSS-vector
Since a patch is not yet available, immediate mitigation steps are crucial. First, disable the WP Query Console plugin if possible. If disabling is not an option, restrict access to the plugin's administrative interface to trusted users only. Implement a Web Application Firewall (WAF) with rules to block suspicious code injection attempts targeting the plugin's endpoints. Regularly monitor server logs for any unusual activity or signs of exploitation. Consider using a security plugin that can scan for and alert on code injection vulnerabilities.
Update the WP Query Console plugin to a version later than 1.0. This will resolve the Remote Code Execution (RCE) vulnerability. If no such version is available, consider removing the plugin until a corrected version is released.
Vulnerability analyses and critical alerts straight to your inbox.
CVE-2024-50498 is a critical Remote Code Execution vulnerability in the WP Query Console plugin, allowing attackers to execute arbitrary code on your WordPress server.
You are affected if you are using WP Query Console version 1.0 or earlier. Upgrade as soon as a patch is released.
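To turn the affected-version statement above (and the `wp plugin list` check listed earlier) into a scriptable test, here is an added example that is not part of the advisory or of the plugin project: a POSIX shell check that reads the standard WordPress `Version:` plugin header from the plugin directory and reports whether the install is in the affected range (1.0 or earlier) or at a fixed version. The plugin directory path and the constructed demo directory with its sample header are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether an installed copy of
# wp-query-console is in the affected range by reading the standard WordPress
# "Version:" plugin header. Paths below are assumptions for the demo.

# Print the Version: header value found in the plugin directory $1 (empty if none).
plugin_version() {
  dir="$1"
  [ -d "$dir" ] || return 1
  grep -h -m1 -E '^[[:space:]*]*Version:[[:space:]]*' "$dir"/*.php 2>/dev/null \
    | head -n1 | sed -E 's/^[[:space:]*]*Version:[[:space:]]*//; s/[[:space:]]*$//'
}

# True (exit 0) when version $1 is less than or equal to $2, compared component
# by component (sort -V), so 1.0.1 is correctly treated as newer than 1.0.
version_le() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# Print "vulnerable (v)", "fixed (v)" or "unknown" for the plugin directory $1.
# Exit status: 1 vulnerable, 0 fixed, 2 unknown, so it can gate a scripted check.
check_wp_query_console() {
  v="$(plugin_version "$1")"
  [ -n "$v" ] || { echo "unknown"; return 2; }
  if version_le "$v" "1.0"; then
    echo "vulnerable ($v)"; return 1
  fi
  echo "fixed ($v)"; return 0
}

# Constructed sample: a fake plugin directory carrying a 1.0 header.
demo_dir="$(mktemp -d)/wp-query-console"
mkdir -p "$demo_dir"
cat > "$demo_dir/wp-query-console.php" <<'EOF'
<?php
/*
 * Plugin Name: WP Query Console
 * Version: 1.0
 */
EOF
check_wp_query_console "$demo_dir" || true   # prints: vulnerable (1.0)
```

On a real install, pass the plugin's actual directory instead of the demo one, e.g. `/var/www/html/wp-content/plugins/wp-query-console`.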
Currently, a patch is not available. Disable the plugin or restrict access until a fix is released. Implement WAF rules and monitor logs.
While no public exploits are currently available, the vulnerability's severity and ease of exploitation suggest it is likely to be targeted soon.
Check the WP Query Console plugin's official website or WordPress plugin repository for updates and advisories.
Upload your dependency file and find out immediately whether this and other CVEs affect you.