CVE-2021-24823

8.1 HIGH

📋 TL;DR

The Support Board WordPress plugin before version 3.3.6 lacks CSRF protection in its AJAX handlers, allowing attackers to trick logged-in administrators into performing unauthorized actions. This vulnerability affects WordPress sites using the vulnerable plugin version, potentially leading to arbitrary file deletion or other malicious operations.

💻 Affected Systems

Products:
  • Support Board WordPress Plugin
Versions: All versions before 3.3.6
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the plugin to be installed and activated on a WordPress site. The vulnerability is present in default configurations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could delete critical WordPress files, leading to site disruption, data loss, or privilege escalation to remote code execution through file manipulation.

🟠 Likely Case

Attackers would use CSRF to make administrators delete files, potentially disrupting site functionality or enabling further attacks.

🟢 If Mitigated

With proper CSRF protections and user awareness, exploitation would be prevented even if the vulnerable plugin is installed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires tricking a logged-in administrator into visiting a malicious page. The vulnerability is well-documented with public proof-of-concept details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.3.6

Vendor Advisory: https://wpscan.com/vulnerability/1bdebd9e-a7f2-4f55-b5b0-185eb619ebaf

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Support Board' and check whether its version is below 3.3.6.
4. Click 'Update Now' if available, or update manually via FTP by replacing the plugin files with version 3.3.6 or later.

🔧 Temporary Workarounds

Temporary Plugin Deactivation

all

Deactivate the Support Board plugin until patched to prevent exploitation.

wp plugin deactivate support-board

CSRF Protection Middleware

all

Implement custom CSRF protection at the web server or application level for AJAX endpoints.
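In a WordPress plugin the application-level control is the nonce check that WordPress itself provides. The block below is an added illustration written for this advisory; it is not code from the Support Board plugin and not the vendor's fix. It shows the shape of a hypothetical file-deletion AJAX handler without protection, then the hardened version using WordPress's own check_ajax_referer(), a capability check, and confinement of the target path to the uploads directory. The function names (sb_demo_*), the nonce action name 'sb_demo_delete', and the field name '_sb_nonce' are assumptions.

```php
<?php
// Added example, not code from the Support Board plugin. Handler names
// (sb_demo_*), the nonce action 'sb_demo_delete' and the field '_sb_nonce'
// are assumptions chosen for this illustration.

// --- BEFORE: the shape of a CSRF-prone AJAX handler -------------------------
// Any page an administrator visits can submit a form to this action; the
// browser attaches the admin's cookies, and nothing proves the request was
// issued by the plugin's own UI. The path is also taken verbatim.
add_action( 'wp_ajax_sb_demo_delete_file_unsafe', function () {
    $file = isset( $_POST['file'] ) ? wp_unslash( $_POST['file'] ) : '';
    if ( $file !== '' && file_exists( $file ) ) {
        unlink( $file ); // no nonce, no capability check, no path confinement
    }
    wp_send_json_success();
} );

// --- AFTER: nonce + capability + path confinement ---------------------------

// 1. The page that renders the delete button embeds a nonce bound to the
//    action name. A cross-site page cannot read this value, so it cannot
//    forge a request that passes the check below.
function sb_demo_delete_nonce_field() {
    return wp_nonce_field( 'sb_demo_delete', '_sb_nonce', true, false );
}

// 2. The handler rejects any request without a valid nonce
//    (check_ajax_referer() terminates with HTTP 403 when $die is true),
//    then verifies capability, then keeps the target inside uploads/.
function sb_demo_delete_file_handler() {
    check_ajax_referer( 'sb_demo_delete', '_sb_nonce', true );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'insufficient capability' ), 403 );
    }

    $name = isset( $_POST['file'] )
        ? sanitize_file_name( wp_unslash( $_POST['file'] ) )
        : '';
    if ( $name === '' ) {
        wp_send_json_error( array( 'message' => 'missing file name' ), 400 );
    }

    $uploads = wp_upload_dir();
    $base    = realpath( $uploads['basedir'] );
    $target  = realpath( trailingslashit( $uploads['basedir'] ) . $name );

    // realpath() resolves symlinks and '..'; the resolved path must still
    // start with the uploads directory before anything is touched.
    if ( $base === false || $target === false
         || strpos( $target, trailingslashit( $base ) ) !== 0 ) {
        wp_send_json_error( array( 'message' => 'file outside uploads directory' ), 400 );
    }

    wp_delete_file( $target );
    wp_send_json_success( array( 'deleted' => basename( $target ) ) );
}
add_action( 'wp_ajax_sb_demo_delete_file', 'sb_demo_delete_file_handler' );
```

The nonce is the control that actually closes the CSRF class; the capability and path checks are defence in depth against the "arbitrary file deletion" outcome the advisory describes, since a nonce alone does not stop an authorized user from naming a path outside the intended directory.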

🧯 If You Can't Patch

  • Implement strict access controls and limit administrator sessions to trusted networks only.
  • Use web application firewalls (WAF) with CSRF protection rules and monitor for suspicious AJAX requests to include/ajax.php.

🔍 How to Verify

Check if Vulnerable:

Check the WordPress admin panel under Plugins > Installed Plugins for the Support Board version. If the version is below 3.3.6, the site is vulnerable.

Check Version:

wp plugin get support-board --field=version

Verify Fix Applied:

After updating, verify the Support Board plugin shows version 3.3.6 or higher in the WordPress plugins list.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /wp-content/plugins/support-board/include/ajax.php from unexpected sources
  • Multiple file deletion events in WordPress or server logs

Network Indicators:

  • CSRF attack patterns targeting AJAX endpoints without referrer validation
  • Suspicious redirects or iframe loads in administrator sessions

SIEM Query:

source="wordpress.log" AND "include/ajax.php" AND ("DELETE" OR "unlink" OR "rm")
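The log indicators and the SIEM query above can be turned into a concrete check over web server access logs. The following is an added example written for this advisory, not something from the vendor or the plugin: a PHP CLI script that parses Apache/nginx "combined" log lines, flags POST requests to the plugin's include/ajax.php whose Referer is missing or points at a host other than the site itself, and groups the hits by client IP. The site hostname shop.example, the IP addresses and the four log lines are constructed sample data.

```php
<?php
// Added example (not from the advisory or the plugin). Parses combined-format
// access log lines and reports POSTs to the Support Board AJAX endpoint that
// were not referred from the site's own pages. Site host and log lines are
// constructed for this illustration.

const SITE_HOST   = 'shop.example'; // constructed
const TARGET_PATH = '/wp-content/plugins/support-board/include/ajax.php';

// Combined format: ip - user [time] "METHOD path PROTO" status bytes "referer" "ua"
const LOG_RE = '/^(?<ip>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>[A-Z]+) (?<path>\S+) [^"]*" (?<status>\d{3}) \S+ "(?<referer>[^"]*)" "(?<ua>[^"]*)"$/';

function parse_line( string $line ): ?array {
    return preg_match( LOG_RE, $line, $m ) ? $m : null;
}

// Suspicious = POST to the AJAX endpoint whose Referer is absent ("-") or
// whose host is not the site. The plugin's legitimate UI issues same-origin
// requests, so a foreign or missing Referer on this endpoint is the signal
// a CSRF page leaves behind. (The nonce, not the Referer, is the real
// control; logs just do not record nonce validity.)
function is_suspicious( array $req ): bool {
    if ( $req['method'] !== 'POST' ) {
        return false;
    }
    if ( strpos( $req['path'], TARGET_PATH ) !== 0 ) {
        return false;
    }
    $referer = $req['referer'];
    if ( $referer === '-' || $referer === '' ) {
        return true;
    }
    $host = parse_url( $referer, PHP_URL_HOST );
    return strcasecmp( (string) $host, SITE_HOST ) !== 0;
}

function scan( array $lines ): array {
    $hits = array();
    foreach ( $lines as $line ) {
        $req = parse_line( $line );
        if ( $req === null ) {
            continue; // not combined format; skip rather than abort the scan
        }
        if ( is_suspicious( $req ) ) {
            $hits[ $req['ip'] ][] = $req['time'] . ' ' . $req['path']
                . ' referer=' . $req['referer'];
        }
    }
    return $hits;
}

// Constructed sample: one legitimate same-site POST, one same-site GET, one
// POST referred from a foreign host, one POST with no Referer at all.
$sample = array(
    '203.0.113.5 - - [10/Oct/2021:13:55:36 +0000] "POST /wp-content/plugins/support-board/include/ajax.php HTTP/1.1" 200 312 "https://shop.example/wp-admin/admin.php?page=support-board" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2021:13:55:40 +0000] "GET /wp-admin/admin.php?page=support-board HTTP/1.1" 200 9812 "https://shop.example/wp-admin/" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2021:14:02:11 +0000] "POST /wp-content/plugins/support-board/include/ajax.php HTTP/1.1" 200 45 "https://forum.invalid/thread/123" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2021:14:02:12 +0000] "POST /wp-content/plugins/support-board/include/ajax.php HTTP/1.1" 200 45 "-" "Mozilla/5.0"',
);

foreach ( scan( $sample ) as $ip => $events ) {
    echo "$ip: " . count( $events )
        . " cross-site POST(s) to the Support Board AJAX endpoint\n";
    foreach ( $events as $e ) {
        echo "  $e\n";
    }
}
```

Two points worth keeping in mind when operationalising this. First, in a CSRF the request is made by the administrator's own browser, so the source IP in the log is the admin's usual address, not an attacker's; "unexpected sources" in the indicators above should be read as unexpected Referer or Origin, which is why the script keys on the Referer rather than the IP. Second, the check only works if the web server logs the Referer (the combined format does; the common format does not), and the default combined format does not record the Origin header, so a request with a spoofed-empty Referer is flagged on the missing-Referer branch rather than confirmed as cross-site.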

🔗 References
