Platform: wordpress
Component: file-manager
Fixed in: 6.5.6
CVE-2024-7627 is a Remote Code Execution (RCE) vulnerability affecting the Bit File Manager plugin for WordPress. This vulnerability allows unauthenticated attackers to execute arbitrary code on the server if the administrator has granted Guest User read permissions. It impacts versions 6.0 through 6.5.5. A patch is available, and upgrading is the recommended remediation.
The impact of this vulnerability is significant. An attacker can achieve remote code execution on a WordPress server, potentially gaining full control of the system. This could lead to data breaches, website defacement, malware installation, and further compromise of the network. The requirement for Guest User read permissions, while potentially limiting the immediate scope, still represents a substantial risk, particularly in environments where this permission is granted for convenience. Successful exploitation could allow an attacker to steal sensitive data, modify website content, or use the server as a launchpad for attacks against other systems.
This vulnerability was publicly disclosed on 2024-09-05. While no active exploitation campaigns have been definitively confirmed, the ease of exploitation and the plugin's popularity suggest a high probability of exploitation. No Proof of Concept (PoC) code has been publicly released as of this writing, but the vulnerability's nature makes it likely that PoCs will emerge. It is not currently listed on the CISA KEV catalog.
WordPress websites utilizing the Bit File Manager plugin, particularly those with Guest User read permissions enabled, are at significant risk. Shared hosting environments where plugin updates are not consistently managed are also particularly vulnerable. Sites relying on legacy WordPress configurations or those with less stringent security practices are also at increased risk.
• wordpress / composer / npm:
  grep -r 'checkSyntax' /var/www/html/wp-content/plugins/bit-file-manager/
• generic web:
  curl -I https://your-wordpress-site.com/wp-content/plugins/bit-file-manager/checkSyntax.php | grep -i '200 OK'
• wordpress / composer / npm:
  wp plugin list | grep 'bit-file-manager'
• wordpress / composer / npm:
  wp plugin update bit-file-manager
Exploit status: disclosure
EPSS: 28.56% (97th percentile)
CISA SSVC:
CVSS vector:
The primary mitigation is to upgrade the Bit File Manager plugin to a patched version. If immediate upgrading is not possible because of compatibility issues or breaking changes, temporarily restrict Guest User read permissions within the WordPress environment. Web Application Firewalls (WAFs) can be configured to block requests targeting the vulnerable 'checkSyntax' function. Monitor WordPress access logs for suspicious activity, specifically requests involving temporary file creation or access in publicly accessible directories. After upgrading, confirm the fix by attempting to trigger the 'checkSyntax' function with a malicious payload and verifying that it is properly rejected.
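The detection commands above and the log-monitoring advice in the mitigation paragraph, combined into one POSIX shell script. This is an added example, not code from the advisory or from the Bit File Manager project. It assumes the plugin's main file carries a standard WordPress `Version:` header, that version strings are purely numeric dotted values, and that a request to the vulnerable function leaves the string `checkSyntax` somewhere in the logged request line; the sample plugin header and log lines in `demo` are constructed, and the request shape shown there is an assumption rather than the plugin's actual routing.

```shell
#!/bin/sh
# Added example, not from the advisory: decide whether an installed Bit File
# Manager version is inside the affected range 6.0 - 6.5.5 (fixed in 6.5.6,
# per the advisory) and count access-log requests that reference checkSyntax.

FIRST_AFFECTED="6.0"   # advisory: affected from 6.0
FIXED_VERSION="6.5.6"  # advisory: corrected in 6.5.6

# vercmp A B: print lt, eq or gt for A<B, A=B, A>B. Components are compared
# numerically, so 6.10 sorts after 6.9; missing components count as 0.
# Assumption: versions are purely numeric dotted strings (no "-beta" suffix).
vercmp() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ah=${a%%.*}; bh=${b%%.*}
    [ "$a" = "$ah" ] && a="" || a=${a#*.}
    [ "$b" = "$bh" ] && b="" || b=${b#*.}
    ah=${ah:-0}; bh=${bh:-0}
    if [ "$ah" -lt "$bh" ]; then echo lt; return; fi
    if [ "$ah" -gt "$bh" ]; then echo gt; return; fi
  done
  echo eq
}

# is_affected VERSION: succeed when FIRST_AFFECTED <= VERSION < FIXED_VERSION
is_affected() {
  [ "$(vercmp "$1" "$FIRST_AFFECTED")" != lt ] &&
  [ "$(vercmp "$1" "$FIXED_VERSION")" = lt ]
}

# plugin_version FILE: read the "Version:" line of a WordPress plugin header
# (" * Version: 6.5.5" inside the leading /** ... */ comment).
plugin_version() {
  sed -n 's/^[[:space:]]*\*\{0,1\}[[:space:]]*Version:[[:space:]]*//p' "$1" \
    | head -n 1 | tr -d '\r' | sed 's/[[:space:]]*$//'
}

# count_checksyntax_hits LOGFILE: number of access-log lines mentioning
# checkSyntax (case-insensitive). A non-zero count is a prompt to review those
# requests, as the advisory suggests, not proof of compromise.
count_checksyntax_hits() {
  grep -ci 'checkSyntax' "$1" || true
}

# Walk-through on constructed input; on a real host the inputs would be the
# plugin directory under wp-content/plugins and the web server's access log.
demo() {
  tmp=$(mktemp -d) || return 1
  cat > "$tmp/file-manager.php" <<'EOF'
<?php
/**
 * Plugin Name: Bit File Manager (constructed sample header)
 * Version: 6.5.5
 */
EOF
  # Constructed log lines; the request path/query of a real call to the
  # vulnerable function is an assumption here, not taken from the plugin.
  cat > "$tmp/access.log" <<'EOF'
203.0.113.5 - - [05/Sep/2024:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=checkSyntax HTTP/1.1" 200 512
198.51.100.7 - - [05/Sep/2024:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 8192
EOF
  v=$(plugin_version "$tmp/file-manager.php")
  if [ -z "$v" ]; then
    echo "could not read a Version: header"
  elif is_affected "$v"; then
    echo "installed $v is in the affected range; upgrade to $FIXED_VERSION"
  else
    echo "installed $v is outside the affected range"
  fi
  echo "access-log lines referencing checkSyntax: $(count_checksyntax_hits "$tmp/access.log")"
  rm -rf "$tmp"
}

demo
```

The version comparison is done component by component rather than with a string compare so that a future 6.10.x is not mistaken for a version older than 6.5.6; on a real server, point `plugin_version` at the plugin's main PHP file and `count_checksyntax_hits` at the access log, and treat any hits as requests to review alongside the WAF and permission changes described above.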
Update the Bit File Manager plugin to the latest available version. This fixes the remote code execution vulnerability.
CVE-2024-7627 is a Remote Code Execution vulnerability in the Bit File Manager plugin for WordPress versions 6.0–6.5.5, allowing attackers to execute code on the server.
You are affected if you are using Bit File Manager versions 6.0 through 6.5.5 and have Guest User read permissions enabled.
Upgrade the Bit File Manager plugin to the latest patched version. Temporarily restrict Guest User read permissions as a workaround.
While no active exploitation campaigns have been confirmed, the vulnerability's ease of exploitation suggests a high probability of exploitation.
Refer to the Bit File Manager plugin's official website or WordPress plugin repository for the latest advisory and update information.