Platform: wordpress
Component: wp-query-console
Fixed in: 1.0.1
CVE-2024-50498 describes a Remote Code Execution (RCE) vulnerability within the WP Query Console WordPress plugin. This flaw allows attackers to inject arbitrary code, potentially leading to complete system compromise. The vulnerability impacts versions up to and including 1.0. A fix is pending, and users are advised to implement mitigation strategies until a patch is released.
The impact of this RCE vulnerability is severe. A successful exploit allows an attacker to execute arbitrary code on the affected WordPress server with the privileges of the webserver user. This could lead to complete website takeover, data exfiltration, malware installation, and further lateral movement within the network. Given the plugin's functionality (querying WordPress data), an attacker could leverage this to discover sensitive information about the website's database structure and content, aiding in further attacks. The ease of code injection significantly increases the risk of exploitation.
This vulnerability was publicly disclosed on 2024-10-28. No public proof-of-concept (POC) code has been released at the time of writing, but the RCE nature of the vulnerability makes it a high-priority target for exploitation. The EPSS score is likely to be high due to the ease of exploitation and the potential impact. It is recommended to monitor security advisories and threat intelligence feeds for any signs of active exploitation campaigns.
Websites using the WP Query Console plugin, particularly those running older versions (≤1.0), are at significant risk. Shared hosting environments are especially vulnerable as they often have limited security controls and a higher density of vulnerable plugins. WordPress sites with weak access controls to the plugin's administrative interface are also at increased risk.
• wordpress / composer / npm:
grep -r "eval(base64_decode" /var/www/html/wp-content/plugins/wp-query-console/
• generic web:
curl -I https://your-wordpress-site.com/wp-content/plugins/wp-query-console/ | grep -i 'X-Powered-By'
• wordpress / composer / npm:
wp plugin list | grep "wp-query-console"
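The commands above look for generic webshell residue and server headers; the direct test for this advisory is whether the installed plugin falls in the affected range (≤ 1.0). The script below is an added example, not part of this page or the plugin: it reads the "Version:" header from the plugin's main file and compares it numerically, assuming the plugin lives under PLUGIN_DIR with a main file named wp-query-console.php.

```shell
#!/bin/sh
# Added example, not part of the advisory: flag an installed wp-query-console
# whose "Version:" plugin header is at or below 1.0 (the range this page lists as
# affected). PLUGIN_DIR and the main file name wp-query-console.php are assumptions.
PLUGIN_DIR="${PLUGIN_DIR:-/var/www/html/wp-content/plugins/wp-query-console}"
AFFECTED_MAX="1.0"

# Compare two dotted versions numerically; prints -1, 0 or 1 for $1 <, =, > $2.
# Missing components count as 0 (so 1.0 == 1.0.0) and any suffix after the first
# non-digit in a component (e.g. "1-beta") is ignored.
version_cmp() {
    a="$1."; b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; a="${a#*.}"; x="${x%%[!0-9]*}"; x="${x:-0}"
        y="${b%%.*}"; b="${b#*.}"; y="${y%%[!0-9]*}"; y="${y:-0}"
        if [ "$x" -lt "$y" ]; then printf '%s\n' "-1"; return 0; fi
        if [ "$x" -gt "$y" ]; then printf '%s\n' "1"; return 0; fi
    done
    printf '%s\n' "0"
}

# Read the Version: line from a WordPress plugin header ("/** ... * Version: 1.0 ...").
plugin_version() {
    sed -n 's/^[[:space:]]*\*\{0,1\}[[:space:]]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Exit 0 if the plugin file's version is <= AFFECTED_MAX, 1 if newer, 2 if no header.
is_affected() {
    v="$(plugin_version "$1")"
    [ -n "$v" ] || { echo "no Version header found in $1" >&2; return 2; }
    [ "$(version_cmp "$v" "$AFFECTED_MAX")" -le 0 ]
}

# Run the check against a constructed header file (sample data, not the real plugin).
demo() {
    tmp="$(mktemp -d)"
    printf '/**\n * Plugin Name: WP Query Console\n * Version: %s\n */\n' "$1" > "$tmp/wp-query-console.php"
    if is_affected "$tmp/wp-query-console.php"; then r="affected"; else r="not affected"; fi
    rm -rf "$tmp"
    echo "$r"
}

# Stand-alone use: check the real install when present, otherwise show the sample.
if [ -f "$PLUGIN_DIR/wp-query-console.php" ]; then
    is_affected "$PLUGIN_DIR/wp-query-console.php" && echo "AFFECTED: disable or update" || echo "not affected"
else
    echo "sample 1.0 -> $(demo 1.0); sample 1.0.1 -> $(demo 1.0.1)"
fi
```

On a live site, `wp plugin list --format=csv` gives the same version string if WP-CLI is available; the header parse is for hosts where it is not.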
EPSS: 91.90% (100th percentile)
Since a patch is not yet available, immediate mitigation steps are crucial. First, disable the WP Query Console plugin if possible. If disabling is not an option, restrict access to the plugin's administrative interface to trusted users only. Implement a Web Application Firewall (WAF) with rules to block suspicious code injection attempts targeting the plugin's endpoints. Regularly monitor server logs for any unusual activity or signs of exploitation. Consider using a security plugin that can scan for and alert on code injection vulnerabilities.
Update the WP Query Console plugin to a version later than 1.0. This resolves the remote code execution vulnerability. If no such version is available, consider uninstalling the plugin until a fixed version is published.
CVE-2024-50498 is a critical Remote Code Execution vulnerability in the WP Query Console plugin, allowing attackers to execute arbitrary code on your WordPress server.
You are affected if you are using WP Query Console version 1.0 or earlier. Upgrade as soon as a patch is released.
Currently, a patch is not available. Disable the plugin or restrict access until a fix is released. Implement WAF rules and monitor logs.
While no public exploits are currently available, the vulnerability's severity and ease of exploitation suggest it is likely to be targeted soon.
Check the WP Query Console plugin's official website or WordPress plugin repository for updates and advisories.