WordPress Insertify plugin <= 1.1.4 - CSRF to Remote Code Execution vulnerability
traduzindo…Plataforma
wordpress
Componente
insertify
Corrigido em
1.1.5
CVE-2024-54372 describes a critical Remote Code Execution (RCE) vulnerability affecting the Insertify WordPress plugin. This vulnerability allows attackers to inject code through Cross-Site Request Forgery (CSRF), potentially leading to complete system compromise. The vulnerability impacts versions of Insertify up to and including 1.1.4, with a fix available in version 1.1.5.
Detecte esta CVE no seu projeto
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.
Impacto e Cenários de Ataquetraduzindo…
The impact of this RCE vulnerability is severe. A successful exploit allows an attacker to execute arbitrary code on the WordPress server hosting the Insertify plugin. This could lead to complete website takeover, data theft, defacement, or the installation of malware. Given the plugin's functionality (inserting content), an attacker could potentially inject malicious code into the website's database or modify core files, leading to widespread compromise. The CSRF aspect means an attacker doesn't necessarily need to authenticate to exploit the vulnerability, making it particularly dangerous.
Contexto de Exploraçãotraduzindo…
CVE-2024-54372 was publicly disclosed on December 16, 2024. While no public proof-of-concept (PoC) code has been widely released, the RCE nature and ease of CSRF exploitation suggest a high probability of exploitation. The vulnerability is not currently listed on CISA KEV, but its critical severity warrants close monitoring. Active campaigns targeting WordPress plugins are common, so vigilance is essential.
Quem Está em Riscotraduzindo…
Websites using the Insertify plugin, particularly those with vulnerable versions (≤1.1.4), are at significant risk. Shared hosting environments are especially vulnerable as they often have limited control over plugin updates. WordPress sites with weak CSRF protection are also at increased risk.
Passos de Detecçãotraduzindo…
• wordpress / composer / npm:
grep -r 'insertify_plugin_url' /var/www/html/*• wordpress / composer / npm:
wp plugin list --status=inactive | grep Insertify• wordpress / composer / npm:
wp plugin update --all• generic web:
curl -I https://your-wordpress-site.com/wp-content/plugins/insertify/ | grep -i 'insertify'Linha do Tempo do Ataque
- Disclosure
disclosure
Inteligência de Ameaças
Status do Exploit
EPSS
0.07% (percentil 22%)
CISA SSVC
Vetor CVSS
O que significam essas métricas?
- Attack Vector
- Rede — explorável remotamente pela internet. Sem acesso físico ou local necessário.
- Attack Complexity
- Baixa — sem condições especiais. O atacante pode explorar de forma confiável.
- Privileges Required
- Nenhum — sem autenticação necessária para explorar.
- User Interaction
- Necessária — a vítima deve abrir um arquivo, clicar em um link ou visitar uma página.
- Scope
- Alterado — o ataque pode pivotar para além do componente vulnerável.
- Confidentiality
- Alto — perda total de confidencialidade. O atacante pode ler todos os dados.
- Integrity
- Alto — o atacante pode escrever, modificar ou excluir qualquer dado.
- Availability
- Baixo — negação de serviço parcial ou intermitente.
Software Afetado
Classificação de Fraqueza (CWE)
Linha do tempo
- Reservado
- Publicada
- EPSS atualizado
Mitigação e Soluções Alternativastraduzindo…
The primary mitigation for CVE-2024-54372 is to immediately upgrade the Insertify plugin to version 1.1.5 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily disabling the Insertify plugin to prevent exploitation. While a direct WAF rule is difficult to implement due to the CSRF nature, implementing strict CSRF protection on all WordPress admin endpoints is a general best practice. Regularly review WordPress plugin installations and ensure they are from trusted sources.
Como corrigirtraduzindo…
Actualice el plugin Insertify a la última versión disponible. La vulnerabilidad CSRF permite la ejecución remota de código, por lo que es crucial aplicar la actualización lo antes posible. Si no hay una versión corregida disponible, considere deshabilitar el plugin temporalmente hasta que se publique una actualización.
Boletim de Segurança CVE
Análise de vulnerabilidades e alertas críticos diretamente no seu e-mail.
Perguntas frequentestraduzindo…
What is CVE-2024-54372 — RCE in Insertify WordPress Plugin?
CVE-2024-54372 is a critical Remote Code Execution vulnerability in the Insertify WordPress plugin, allowing attackers to inject code via CSRF and potentially take control of the website.
Am I affected by CVE-2024-54372 in Insertify WordPress Plugin?
You are affected if you are using Insertify versions 1.1.4 or earlier. Check your plugin version and upgrade immediately.
How do I fix CVE-2024-54372 in Insertify WordPress Plugin?
Upgrade the Insertify plugin to version 1.1.5 or later. If immediate upgrade is not possible, temporarily disable the plugin.
Is CVE-2024-54372 being actively exploited?
While no widespread exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high probability of active campaigns.
Where can I find the official Insertify advisory for CVE-2024-54372?
Refer to the Insertify plugin's official website or WordPress plugin repository for the latest advisory and update information.
Seu projeto está afetado?
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.