CVE-2021-24638

9.1 CRITICAL

📋 TL;DR

The OMGF WordPress plugin before version 4.5.4 does not validate the handle parameter of its REST API, giving unauthenticated attackers a path traversal. By placing '../' sequences in that parameter, an attacker can make the plugin overwrite arbitrary CSS files on the server with Google Fonts CSS, or make it download fonts from Google Fonts. Every WordPress site running an affected OMGF version is exposed.

💻 Affected Systems

Products:
  • OMGF WordPress Plugin
Versions: All versions before 4.5.4
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress installations with the OMGF plugin installed and active; the vulnerable REST route is registered only while the plugin is active.

📦 What is this software?

OMGF (Optimize My Google Fonts) is a WordPress plugin that downloads the Google Fonts a site uses and serves them from the site's own server instead of Google's CDN, for performance and privacy reasons. Its REST API is used to trigger those font downloads and to generate the corresponding CSS, which is where the unvalidated handle parameter is exposed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Overwrite of any CSS file the PHP process can write (theme, plugin or core stylesheets), with the target chosen by the attacker through the traversal in the handle parameter. The written content is the plugin's Google Fonts CSS output, so the realistic result is full defacement or a broken front end and admin UI (denial of service) rather than code execution; the 9.1 score reflects that an unauthenticated network attacker can break site integrity and availability.

🟠 Likely Case

Website defacement through overwritten stylesheets, disruption of the site's appearance, and possible SEO damage while the site renders broken.

🟢 If Mitigated

Minimal impact if requests to the plugin's REST route are filtered by a web application firewall and the PHP process cannot write to theme and plugin stylesheets.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A single crafted HTTP request to the plugin's REST route, with a traversal sequence in the handle parameter, is enough; no account, session or user interaction is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.5.4

Vendor Advisory: https://wordpress.org/plugins/omgf/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the OMGF plugin.
4. Click 'Update Now' if available, or download version 4.5.4 or later from the WordPress plugin repository and install it.
5. Activate the updated plugin and confirm it reports version 4.5.4 or higher.

🔧 Temporary Workarounds

Disable OMGF Plugin (all platforms)

Temporarily deactivate the vulnerable plugin until it is updated; a deactivated plugin's code is not loaded, so its REST route disappears with it.

wp plugin deactivate omgf

Restrict REST API Access (all platforms)

Block unauthenticated requests to the plugin's REST namespace (/wp-json/omgf/v1/, and the equivalent /index.php?rest_route=/omgf/v1/ form) at the web server or WAF. Blocking the whole WordPress REST API is broader than needed and can break other plugins that expose public endpoints.

🧯 If You Can't Patch

  • Implement web application firewall rules that block '../' and its percent-encoded forms (%2e%2e%2f, ..%2f) in requests to /wp-json/omgf/v1/ and to the ?rest_route=/omgf/v1/ form.
  • File permissions (644 for files, 755 for directories) only help if the CSS files are owned by a user other than the one PHP runs as: the overwrite is performed by the web server process itself, so files that process owns stay writable regardless of mode bits. Where possible, make theme and plugin directories read-only to the PHP user and deploy updates from a separate account.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > OMGF version. If version is below 4.5.4, system is vulnerable.

Check Version:

wp plugin get omgf --field=version

Verify Fix Applied:

Confirm OMGF plugin version is 4.5.4 or higher in WordPress admin.
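An added example (not part of this page or of the OMGF project) that automates the version check. Plugins installed from the WordPress.org repository ship a readme.txt whose "Stable tag:" line carries the release version; the script parses that line and compares the version numerically against 4.5.4, which avoids the string-comparison mistake where "4.5.10" sorts before "4.5.4". The sample readme text is constructed, and the check_site function's URL layout (/wp-content/plugins/omgf/readme.txt) is an assumption that hardened hosts may block; when no numeric version can be read the result is "unknown" rather than a guess.

```python
import re
import urllib.request

FIXED_VERSION = "4.5.4"  # first OMGF release without the traversal flaw
# Assumed location of the installed plugin's readme; may be blocked by hardening.
README_PATH = "/wp-content/plugins/omgf/readme.txt"

# 'Stable tag:' is the version line that WordPress.org readme.txt files carry.
STABLE_TAG_RE = re.compile(r"^\s*Stable tag:\s*(\S+)", re.IGNORECASE | re.MULTILINE)

# Constructed sample, not a real OMGF readme.
SAMPLE_README = """=== OMGF ===
Contributors: example
Requires at least: 5.0
Tested up to: 5.8
Stable tag: 4.5.3
License: GPLv2
"""


def parse_version(version):
    """Turn '4.5.10' into (4, 5, 10) so comparison is numeric, not lexical."""
    parts = []
    for piece in version.strip().split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    return tuple(parts)


def extract_stable_tag(readme_text):
    """Return the 'Stable tag' value from readme.txt, or None if absent."""
    m = STABLE_TAG_RE.search(readme_text)
    return m.group(1) if m else None


def assess(version):
    """Return 'vulnerable', 'patched' or 'unknown' for a version string.

    Non-numeric tags such as 'trunk' (or a missing tag) are reported as
    unknown instead of being silently treated as an old version."""
    if not version or not re.match(r"\d", version):
        return "unknown"
    if parse_version(version) < parse_version(FIXED_VERSION):
        return "vulnerable"
    return "patched"


def check_site(base_url, timeout=10):
    """Fetch the plugin readme over HTTP and assess it (network call)."""
    url = base_url.rstrip("/") + README_PATH
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            text = resp.read().decode("utf-8", "replace")
    except Exception as exc:  # 404, TLS error, timeout: report, don't guess
        return {"url": url, "version": None, "status": "unknown", "error": str(exc)}
    tag = extract_stable_tag(text)
    return {"url": url, "version": tag, "status": assess(tag), "error": None}


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        print(check_site(sys.argv[1]))
    else:
        tag = extract_stable_tag(SAMPLE_README)
        print(f"sample readme: version {tag} -> {assess(tag)}")
```

Run it with a site URL as the first argument to check a live install, or with no arguments to see the constructed sample assessed; an "unknown" result means the readme was unreadable and the version must be confirmed from the admin panel or wp-cli instead.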

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /wp-json/omgf/v1/ (or the equivalent /index.php?rest_route=/omgf/v1/ form) whose handle parameter contains '../' or a percent-encoded variant such as %2e%2e%2f or ..%2f
  • CSS files changing outside the plugin's own cache directory (wp-content/uploads/omgf), for example theme or plugin stylesheets modified without a deployment, as well as unusual activity inside that directory

Network Indicators:

  • POST requests to OMGF REST API endpoints that carry no WordPress authentication cookie; parameters sent in a request body do not appear in web-server access logs, so body-based use of the flaw is visible only to a WAF or application-level logging

SIEM Query:

source="wordpress.log" AND (uri_path="/wp-json/omgf/v1/*" OR param_rest_route="/omgf/v1/*") AND (param_handle="*../*" OR param_handle="*..%2f*" OR param_handle="*%2e%2e*")
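An added example (not part of this page or of the OMGF project) that runs the log indicators above over access-log lines. It parses Apache/Nginx "combined" format, scopes to the OMGF namespace in both its /wp-json/omgf/v1/ and ?rest_route=/omgf/v1/ forms, and decodes query values repeatedly so that single- and double-percent-encoded '../' are caught. The log lines are constructed; the "example" segment under the namespace is a placeholder route name, since detection keys only on the namespace prefix. Note the last sample line: a POST with the parameter in the body produces no hit, because access logs never carry bodies.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

OMGF_NAMESPACE = "/omgf/v1/"

# Apache/Nginx "combined" access-log format; fields after the response size are ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3}) \S+'
)

# A '..' segment bounded by a slash or backslash (or the start/end of the value).
TRAVERSAL_RE = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")

# Constructed sample lines (not real traffic). "example" is a placeholder route name.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2021:13:55:36 +0000] "GET /wp-json/omgf/v1/example?handle=../../../themes/twentytwentyone/style HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '203.0.113.5 - - [10/Oct/2021:13:55:37 +0000] "GET /wp-json/omgf/v1/example?handle=%2e%2e/%2e%2e/plugins/woocommerce/assets/css/woocommerce HTTP/1.1" 200 498 "-" "curl/7.68.0"',
    '198.51.100.9 - - [10/Oct/2021:14:02:11 +0000] "GET /index.php?rest_route=/omgf/v1/example&handle=%252e%252e%252f%252e%252e%252fstyle HTTP/1.1" 200 477 "-" "python-requests/2.26"',
    '192.0.2.44 - - [10/Oct/2021:14:05:02 +0000] "GET /wp-json/omgf/v1/example?handle=twentytwentyone-style HTTP/1.1" 200 611 "https://example.org/" "Mozilla/5.0"',
    '192.0.2.45 - - [10/Oct/2021:14:06:30 +0000] "GET /wp-json/wp/v2/posts?search=../ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2021:14:07:00 +0000] "POST /wp-json/omgf/v1/example HTTP/1.1" 200 470 "-" "python-requests/2.26"',
]


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (%252e -> %2e -> '.'), bounded to avoid loops."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_omgf_request(path, params):
    """True for /wp-json/omgf/v1/... and for the ?rest_route=/omgf/v1/... form."""
    if path.startswith("/wp-json" + OMGF_NAMESPACE):
        return True
    return any(r.startswith(OMGF_NAMESPACE) for r in params.get("rest_route", []))


def scan_log(lines):
    """Return one record per request to the OMGF REST namespace whose query
    parameters contain a traversal sequence after decoding."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        parts = urlsplit(m["target"])
        params = parse_qs(parts.query, keep_blank_values=True)
        if not is_omgf_request(parts.path, params):
            continue  # '../' in other namespaces is out of scope for this CVE
        suspicious = {
            name: fully_decode(v)
            for name, values in params.items()
            for v in values
            if TRAVERSAL_RE.search(fully_decode(v))
        }
        if suspicious:
            hits.append({"ip": m["ip"], "ts": m["ts"], "method": m["method"],
                         "status": int(m["status"]), "params": suspicious})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Feed it real lines (for example `scan_log(open("access.log"))`) and correlate hits with the file-modification indicator: a 200 response to a traversal request followed by a stylesheet changing is the strongest signal the overwrite succeeded.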
