CVE-2023-22677

8.5 HIGH

📋 TL;DR

CVE-2023-22677 is a code injection vulnerability in the WordPress WP Booklet plugin that allows remote attackers to execute arbitrary code on affected systems. This affects all WordPress sites running WP Booklet versions up to 2.1.8. Attackers can potentially take full control of vulnerable websites.

💻 Affected Systems

Products:
  • WordPress WP Booklet plugin
Versions: All versions up to and including 2.1.8
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all WordPress installations with the vulnerable plugin enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the WordPress installation leading to data theft, defacement, malware distribution, or use as a foothold for lateral movement in the network.

🟠 Likely Case

Remote code execution leading to website takeover, data exfiltration, or installation of backdoors and malware.

🟢 If Mitigated

Limited impact if proper web application firewalls and input validation are in place, though the vulnerability remains exploitable.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires no authentication and has been weaponized in the wild.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.9 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/wp-booklet/wordpress-wp-booklet-plugin-2-1-8-remote-code-execution-rce

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find WP Booklet and update to version 2.1.9 or later.
4. If no update is available, deactivate and delete the plugin immediately.

🔧 Temporary Workarounds

Disable WP Booklet plugin (applies to: all)

Temporarily disable the vulnerable plugin until the patched version is available:

wp plugin deactivate wp-booklet

Web Application Firewall rule (applies to: all)

Block requests to wp-booklet endpoints by adding a WAF rule for /wp-content/plugins/wp-booklet/*

🧯 If You Can't Patch

  • Immediately deactivate and remove the WP Booklet plugin from all WordPress installations
  • Implement strict input validation and output encoding for all user-controlled data

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for WP Booklet version 2.1.8 or earlier

Check Version:

wp plugin list --name=wp-booklet --field=version

Verify Fix Applied:

Verify WP Booklet plugin version is 2.1.9 or later in WordPress admin panel

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /wp-content/plugins/wp-booklet/
  • PHP execution errors in web server logs
  • Unauthorized file uploads or modifications

Network Indicators:

  • HTTP requests containing suspicious payloads to wp-booklet endpoints
  • Unexpected outbound connections from web server

SIEM Query:

source="web_server" AND (uri="*wp-booklet*" AND (method="POST" OR method="PUT"))
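As an added example (not part of this advisory), the following script covers both the version check from "How to Verify" and the SIEM query above: it compares a plugin version string (for instance the output of `wp plugin list --name=wp-booklet --field=version`) against the fixed release, and scans combined-format access-log lines for POST/PUT requests to the plugin path. The log lines and the request paths in them are constructed sample data, not real traffic or real plugin endpoints.

```python
import re

FIXED_VERSION = (2, 1, 9)  # first patched release named in the advisory

def parse_version(version: str) -> tuple:
    # Numeric tuple so "2.1.10" sorts after "2.1.9"; plain string comparison gets this wrong
    return tuple(int(p) for p in re.findall(r"\d+", version))

def is_vulnerable_version(version: str) -> bool:
    # An empty/unparseable version yields () and is treated as vulnerable (conservative default)
    return parse_version(version) < FIXED_VERSION

# Combined log format: client ident user [timestamp] "METHOD URI PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

def parse_line(line: str):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_suspicious(log_text: str, plugin_path: str = "/wp-content/plugins/wp-booklet/"):
    """Entries that write (POST/PUT) to the plugin path, mirroring the SIEM query."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and plugin_path in entry["uri"] and entry["method"] in ("POST", "PUT"):
            hits.append(entry)
    return hits

# Constructed sample lines with hypothetical request paths; not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2023:12:00:01 +0000] "GET /wp-content/plugins/wp-booklet/css/style.css HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2023:12:00:05 +0000] "POST /wp-content/plugins/wp-booklet/example.php HTTP/1.1" 200 87 "-" "python-requests/2.28"
198.51.100.7 - - [10/Mar/2023:12:01:15 +0000] "GET /wp-admin/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2023:12:02:00 +0000] "PUT /wp-content/plugins/wp-booklet/example-upload HTTP/1.1" 201 12 "-" "curl/7.88"
"""

if __name__ == "__main__":
    print("vulnerable:", is_vulnerable_version("2.1.8"), "fixed:", not is_vulnerable_version("2.1.10"))
    for hit in find_suspicious(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} {hit["method"]} {hit["uri"]} -> {hit["status"]}')
```

Hits should be correlated with the actual plugin version on the host; a static asset GET is expected traffic and is deliberately not flagged.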
