CVE-2021-24376

9.8 CRITICAL

📋 TL;DR

This vulnerability in the Autoptimize WordPress plugin allows attackers to upload malicious PHP files through the Import Settings feature, bypassing previous security fixes. Attackers can achieve remote code execution on vulnerable WordPress sites. All WordPress sites running Autoptimize plugin versions before 2.7.8 are affected.

💻 Affected Systems

Products:
  • Autoptimize WordPress Plugin
Versions: All versions before 2.7.8
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the plugin to be installed and the Import Settings feature to be accessible (typically requires admin access).

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete server compromise allowing attackers to execute arbitrary code, steal data, install backdoors, or pivot to other systems.

🟠 Likely Case: Website defacement, data theft, malware distribution, or cryptocurrency mining through uploaded PHP shells.

🟢 If Mitigated: No impact if the plugin is patched or disabled, or if file uploads are properly restricted.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin access to WordPress dashboard. Public exploit code exists in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.7.8 and later

Vendor Advisory: https://wordpress.org/plugins/autoptimize/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin dashboard.
2. Go to Plugins → Installed Plugins.
3. Find Autoptimize and click 'Update Now'.
4. Verify the version is 2.7.8 or higher.

🔧 Temporary Workarounds

Disable Import Settings Feature (platform: all)

Remove or restrict access to the Import Settings functionality.

Edit wp-config.php and add: define('AUTOPTIMIZE_DISABLE_IMPORT', true);

Disable Plugin (platform: linux)

Temporarily disable the Autoptimize plugin until it is patched.

wp plugin deactivate autoptimize

🧯 If You Can't Patch

  • Restrict file uploads in WordPress and prevent uploaded PHP files from executing
  • Implement web application firewall rules to block malicious file uploads

🔍 How to Verify

Check if Vulnerable:

In the WordPress admin dashboard, go to Plugins and check the Autoptimize version. If the version is below 2.7.8, the site is vulnerable.

Check Version:

wp plugin get autoptimize --field=version

Verify Fix Applied:

Verify Autoptimize plugin version is 2.7.8 or higher in WordPress admin dashboard.
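
The version check in code, added here as an example and not part of the advisory or the plugin: it compares the installed version numerically against the fixed release 2.7.8 (a plain string comparison would rank 2.7.10 below 2.7.8 and mis-flag a patched site) and applies the check to the JSON that `wp plugin get`'s sibling command `wp plugin list --format=json` prints. The JSON sample in the block is constructed, not captured from a real site.

```python
"""Added example (not the advisory's or the plugin's own code): decide whether an
installed Autoptimize version is below the fixed release 2.7.8, and apply that
check to the JSON produced by `wp plugin list --format=json`."""
import json

FIXED_VERSION = "2.7.8"  # fixed release named in the advisory


def parse_version(version):
    """Turn '2.7.10' into (2, 7, 10) for numeric comparison.

    Plain string comparison is the classic pitfall here: '2.7.10' < '2.7.8'
    is True in Python, which would wrongly mark a patched 2.7.10 as vulnerable.
    Pre-release suffixes such as '2.7.8-beta' are dropped before comparing.
    """
    core = version.strip().split("-")[0].split("+")[0]
    parts = []
    for piece in core.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:  # treat '2.7' as 2.7.0
        parts.append(0)
    return tuple(parts)


def is_vulnerable(version):
    """True when the version predates the fix (all versions before 2.7.8)."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def check_wp_plugin_list(json_text, slug="autoptimize"):
    """Evaluate `wp plugin list --format=json` output for the given plugin slug.

    Returns a dict with installed/active state, the version and the verdict,
    so the result can be fed to an inventory or ticketing system.
    """
    for plugin in json.loads(json_text):
        if plugin.get("name") == slug:
            version = plugin.get("version", "")
            return {
                "installed": True,
                "active": plugin.get("status") == "active",
                "version": version,
                "vulnerable": is_vulnerable(version),
            }
    return {"installed": False, "active": False, "version": None, "vulnerable": False}


# Constructed sample of `wp plugin list --format=json` output (not from a real site).
SAMPLE_WP_PLUGIN_LIST = json.dumps([
    {"name": "akismet", "status": "inactive", "update": "none", "version": "4.1.9"},
    {"name": "autoptimize", "status": "active", "update": "available", "version": "2.7.7"},
])

if __name__ == "__main__":
    print(check_wp_plugin_list(SAMPLE_WP_PLUGIN_LIST))
```

An inactive plugin still reports its version, so the `active` flag is kept separate from the `vulnerable` verdict: a deactivated copy below 2.7.8 is not reachable through the dashboard but should still be updated or removed.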

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to wp-content/cache/autoptimize/
  • PHP file execution from unexpected locations
  • Admin user importing settings with zip files

Network Indicators:

  • POST requests to /wp-admin/admin-ajax.php with action=ao_import_settings
  • Upload of zip files to WordPress admin endpoints

SIEM Query:

source="wordpress.log" AND ("ao_import_settings" OR "autoptimize import") AND file_extension="zip"
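
The indicators above applied to sample access-log lines, as an added example that is not part of the advisory. It assumes the Apache/nginx "combined" log format; the `ao_import_settings` action name and the `wp-content/cache/autoptimize/` path are the page's own indicators, and the log lines in the block are constructed.

```python
"""Added example (not the advisory's own tooling): flag the advisory's log and
network indicators in web-server access-log lines. Assumes the Apache/nginx
"combined" format; the action name and cache path come from the advisory and
the sample lines are constructed."""
import re
from urllib.parse import parse_qs, urlsplit

# combined format: client - user [time] "METHOD path PROTO" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$'
)

IMPORT_ACTION = "ao_import_settings"          # network indicator from the advisory
CACHE_DIR = "/wp-content/cache/autoptimize/"  # log indicator from the advisory
PHP_EXTS = {"php", "php5", "php7", "phtml", "phar"}


def is_import_request(line):
    """POST to admin-ajax.php whose query string carries the settings-import action."""
    m = LOG_RE.match(line)
    if not m or m.group("method") != "POST":
        return False
    url = urlsplit(m.group("path"))
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return False
    return IMPORT_ACTION in parse_qs(url.query).get("action", [])


def is_php_under_cache(path):
    """Request for a PHP-like file inside the Autoptimize cache directory.

    Every suffix of the file name is checked, not just the last one, because
    some Apache handler configurations execute double extensions such as
    'x.php.css'.
    """
    p = urlsplit(path).path.lower()
    if CACHE_DIR not in p:
        return False
    name = p.rsplit("/", 1)[-1]
    return any(ext in PHP_EXTS for ext in name.split(".")[1:])


def scan(lines):
    """Return (kind, client, user, path) tuples for every line that matches an indicator."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        if is_import_request(line):
            findings.append(("settings-import", m.group("ip"), m.group("user"), m.group("path")))
        elif is_php_under_cache(m.group("path")):
            findings.append(("php-in-cache", m.group("ip"), m.group("user"), m.group("path")))
    return findings


# Constructed sample lines (not real traffic): an import by an admin session, a
# follow-up request for a PHP file in the cache directory, and two benign requests.
SAMPLE_LOG = [
    '203.0.113.5 - admin [12/Jun/2021:10:15:32 +0000] "POST /wp-admin/admin-ajax.php?action=ao_import_settings HTTP/1.1" 200 512 "https://example.test/wp-admin/options-general.php?page=autoptimize" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Jun/2021:10:15:40 +0000] "GET /wp-content/cache/autoptimize/evil.php HTTP/1.1" 200 44 "-" "curl/7.68.0"',
    '198.51.100.7 - - [12/Jun/2021:10:16:01 +0000] "GET /wp-content/cache/autoptimize/css/autoptimize_abc123.css HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Jun/2021:10:16:02 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 80 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

An access log only shows the `action` parameter when it travels in the query string; WordPress AJAX calls often send it in the POST body instead, so for full coverage of the first indicator use a WAF or request log that records bodies, which is also why the SIEM query above keys on the action name rather than the URL. A request for a `.php` file under the cache directory is the stronger signal in plain access logs, since that directory is expected to serve only generated CSS and JS.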
