CVE-2021-24493

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to upload malicious files (including PHP scripts) to WordPress sites running the Shopp plugin. This leads to remote code execution, enabling complete system compromise. All WordPress installations with Shopp plugin versions up to 1.4 are affected.

💻 Affected Systems

Products:
  • WordPress Shopp eCommerce Plugin
Versions: All versions through 1.4
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerable in default configuration. No special settings required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server takeover, with the attacker gaining full administrative access, stealing data, deploying malware, and using the host as a platform for further attacks.

🟠

Likely Case

Website defacement, data exfiltration, backdoor installation, and cryptocurrency mining malware deployment.

🟢

If Mitigated

No impact if proper file upload restrictions and web application firewalls are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP POST request with malicious file upload. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4.1 or later

Vendor Advisory: https://wpscan.com/vulnerability/dcc7be04-550b-427a-a14f-a2365d96a00e

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Shopp plugin and click 'Update Now'.
4. Verify that the installed version is 1.4.1 or higher.

🔧 Temporary Workarounds

Disable Shopp Plugin

Platform: linux

Temporarily disable the vulnerable plugin until patching is possible.

wp plugin deactivate shopp

Web Application Firewall Rule

Platform: all

Block requests to the vulnerable AJAX endpoint at the web server. mod_rewrite only sees the action parameter when it is sent in the query string; a request carrying action=shopp_upload_file in the POST body is not matched by this rule, so pair it with the WAF rule listed under "If You Can't Patch".

# Add to .htaccess (mod_rewrite). A RewriteRule pattern never matches the query string; test it with RewriteCond instead.
RewriteCond %{QUERY_STRING} (^|&)action=shopp_upload_file(&|$) [NC]
RewriteRule ^wp-admin/admin-ajax\.php$ - [F,L]

🧯 If You Can't Patch

  • Implement strict file upload validation at the web server level
  • Deploy web application firewall with specific rules blocking shopp_upload_file requests

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Shopp version. If version is 1.4 or lower, you are vulnerable.

Check Version:

wp plugin get shopp --field=version

Verify Fix Applied:

Confirm Shopp plugin version is 1.4.1 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /wp-admin/admin-ajax.php with action=shopp_upload_file
  • File uploads with .php extension to upload directories
  • Unusual file creation in wp-content/uploads/shopp/

Network Indicators:

  • HTTP POST to admin-ajax.php with shopp_upload_file parameter
  • File uploads bypassing normal WordPress media upload flow

SIEM Query:

source="web_logs" AND uri="/wp-admin/admin-ajax.php" AND post_data="*shopp_upload_file*"
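As an added example (not part of this advisory), the following Python detector applies the first and third log indicators above to web-server access-log lines: it flags POST requests to admin-ajax.php whose query string carries action=shopp_upload_file, and requests for .php files under wp-content/uploads/shopp/. The sample log lines are constructed; an action sent only in the POST body does not appear in access logs, which is the case the post_data SIEM query above covers.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not taken from any real host.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2021:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=shopp_upload_file HTTP/1.1" 200 512 "-" "python-requests/2.25"
203.0.113.7 - - [10/Jun/2021:12:00:02 +0000] "GET /wp-content/uploads/shopp/shell.php HTTP/1.1" 200 88 "-" "python-requests/2.25"
198.51.100.4 - - [10/Jun/2021:12:00:03 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 64 "https://shop.example/wp-admin/" "Mozilla/5.0"
198.51.100.4 - - [10/Jun/2021:12:00:04 +0000] "GET /wp-content/uploads/shopp/product.jpg HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

AJAX_PATH = '/wp-admin/admin-ajax.php'
SHOPP_UPLOADS = '/wp-content/uploads/shopp/'


def analyze(log_text):
    """Return (ip, timestamp, reason) tuples for lines matching the advisory's log indicators."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-log line; skip rather than guess
        parts = urlsplit(m['target'])
        qs = parse_qs(parts.query)
        # Indicator 1: POST to admin-ajax.php with action=shopp_upload_file in the query string.
        # An action carried only in the POST body is invisible here (access logs omit bodies).
        if m['method'] == 'POST' and parts.path == AJAX_PATH \
                and 'shopp_upload_file' in qs.get('action', []):
            hits.append((m['ip'], m['ts'], 'shopp_upload_file request'))
        # Indicator 3: a .php file being requested from the Shopp upload directory,
        # i.e. an uploaded script is being reached after the fact.
        if parts.path.startswith(SHOPP_UPLOADS) and parts.path.lower().endswith('.php'):
            hits.append((m['ip'], m['ts'], 'php file under uploads/shopp/'))
    return hits


if __name__ == '__main__':
    for ip, ts, reason in analyze(SAMPLE_LOG):
        print(f'{ts} {ip} {reason}')
```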
