CVE-2023-0924

7.2 HIGH

📋 TL;DR

The ZYREX POPUP WordPress plugin through version 1.0 allows administrators to upload arbitrary files without proper validation, bypassing file system restrictions in multisite installations. This vulnerability affects WordPress sites using this plugin, particularly those with multisite configurations where file uploads should be restricted.

💻 Affected Systems

Products:
  • ZYREX POPUP WordPress Plugin
Versions: All versions through 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrator privileges. Particularly dangerous in WordPress multisite installations where file system modifications are typically restricted.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with administrator privileges could upload malicious files like webshells, leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Malicious administrators or compromised admin accounts could upload backdoors or malware to maintain persistent access or disrupt site operations.

🟢 If Mitigated

With proper access controls and file upload restrictions, impact is limited to authorized administrators making legitimate file uploads.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrator access. Attack path is straightforward once admin credentials are compromised.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None

Vendor Advisory: https://wpscan.com/vulnerability/0fd0d7a5-9263-43b6-9244-7880c3d3e6f4

Restart Required: No

Instructions:

1. Remove the ZYREX POPUP plugin completely from your WordPress installation.
2. Delete all plugin files from the wp-content/plugins directory.
3. Consider alternative popup plugins with proper security validation.

🔧 Temporary Workarounds

Disable Plugin (platform: all)

Deactivate the ZYREX POPUP plugin without removing its files:

wp plugin deactivate zyrex-popup

Restrict File Uploads (platform: all)

Implement server-side file type validation and upload restrictions.

🧯 If You Can't Patch

  • Implement strict access controls and monitoring for administrator accounts
  • Deploy web application firewall rules to block suspicious file uploads

🔍 How to Verify

Check if Vulnerable:

Check whether the ZYREX POPUP plugin is installed and active in the WordPress admin panel under Plugins.

Check Version:

wp plugin list --name=zyrex-popup --field=version

Verify Fix Applied:

Confirm that the plugin directory no longer exists under wp-content/plugins and that the plugin is not listed among the active plugins.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to popup creation endpoints
  • Administrator account performing unexpected file uploads

Network Indicators:

  • POST requests to /wp-admin/admin-ajax.php with file upload parameters
  • Unusual file extensions being uploaded

SIEM Query:

source="wordpress" AND (uri_path="/wp-admin/admin-ajax.php" AND method="POST" AND file_upload="true")
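The SIEM query above only isolates multipart POSTs to admin-ajax.php; a detection still has to decide which of those uploads are out of policy. The following is an added example, not code from the page or from the plugin vendor, that runs that second step over a few constructed log lines. It assumes a simple application-side log format (timestamp, client IP, user, method, path, status, content type, uploaded filename) and an image-only allowlist, both of which are assumptions for illustration. It flags any upload whose filename carries a server-executable extension anywhere in its name (covering double extensions such as image.jpg.phtml) or whose final extension is not on the allowlist.

```python
import re

# Extensions a popup plugin legitimately needs (image assets only). This
# allowlist is an assumption for the example, not something from the advisory.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "webp"}

# Server-side executable extensions that must never appear anywhere in an
# uploaded filename, including "double extensions" such as image.jpg.phtml.
EXECUTABLE_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar"}

UPLOAD_ENDPOINT = "/wp-admin/admin-ajax.php"

# Constructed log line format (an assumption, not any real server's format):
#   <timestamp> <client_ip> <user> <method> <path> <status> ctype=<content-type> file=<name-or->
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<user>\S+) (?P<method>[A-Z]+) (?P<path>\S+) "
    r"(?P<status>\d{3}) ctype=(?P<ctype>\S+) file=(?P<file>\S+)$"
)

# Constructed sample lines: one benign image upload, two uploads with
# executable extensions, one non-image upload, and two non-upload requests.
SAMPLE_LOG = """\
2023-02-14T10:01:02Z 203.0.113.10 admin POST /wp-admin/admin-ajax.php 200 ctype=multipart/form-data;boundary=x file=banner.png
2023-02-14T10:03:15Z 203.0.113.10 admin POST /wp-admin/admin-ajax.php 200 ctype=multipart/form-data;boundary=x file=promo.php
2023-02-14T10:04:00Z 198.51.100.7 - GET /wp-admin/admin-ajax.php?action=heartbeat 200 ctype=- file=-
2023-02-14T10:05:40Z 203.0.113.10 admin POST /wp-admin/admin-ajax.php 200 ctype=multipart/form-data;boundary=x file=image.jpg.phtml
2023-02-14T10:06:10Z 203.0.113.10 admin POST /wp-admin/admin-ajax.php 200 ctype=multipart/form-data;boundary=x file=notes.txt
2023-02-14T10:07:00Z 203.0.113.10 admin POST /wp-admin/admin-ajax.php 200 ctype=application/x-www-form-urlencoded file=-
"""


def parse_line(line):
    """Return the fields of one log line as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def upload_policy_violation(filename):
    """Return a short reason if the filename is outside the upload policy, else ''."""
    name = filename.rsplit("/", 1)[-1].lower()
    parts = name.split(".")
    if len(parts) < 2:
        return "no extension"
    exts = parts[1:]
    executable = [e for e in exts if e in EXECUTABLE_EXTENSIONS]
    if executable:
        return "executable extension: " + ".".join(executable)
    if exts[-1] not in ALLOWED_EXTENSIONS:
        return "extension not in allowlist: " + exts[-1]
    return ""


def is_file_upload(rec):
    """A file upload is a POST to admin-ajax.php carrying a multipart body and a filename."""
    return (
        rec["method"] == "POST"
        and rec["path"].split("?", 1)[0] == UPLOAD_ENDPOINT
        and rec["ctype"].startswith("multipart/form-data")
        and rec["file"] != "-"
    )


def find_suspicious_uploads(log_text):
    """Return a list of (record, reason) for every upload that violates the policy."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_file_upload(rec):
            continue
        reason = upload_policy_violation(rec["file"])
        if reason:
            hits.append((rec, reason))
    return hits


if __name__ == "__main__":
    for rec, reason in find_suspicious_uploads(SAMPLE_LOG):
        print(f"{rec['ts']} {rec['ip']} user={rec['user']} file={rec['file']}: {reason}")
```

On the constructed sample this reports promo.php, image.jpg.phtml and notes.txt and leaves banner.png alone. Checking every dot-separated suffix rather than only the last one is the design choice that matters: a file ending in .png can still be executed by a server that matches on the first recognised extension.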
