CVE-2023-2278

9.8 CRITICAL

📋 TL;DR

This vulnerability in the WP Directory Kit WordPress plugin allows unauthenticated attackers to include and execute arbitrary files on the server via the 'wdk_public_action' function. This can lead to remote code execution, data theft, and access control bypass. WordPress sites using WP Directory Kit version 1.1.9 or earlier are affected.

💻 Affected Systems

Products:
  • WP Directory Kit WordPress Plugin
Versions: Up to and including version 1.1.9
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with vulnerable plugin versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise leading to data exfiltration, malware deployment, and persistent backdoor access.

🟠 Likely Case

Unauthenticated attackers execute arbitrary PHP code to deface websites, steal sensitive data, or install cryptocurrency miners.

🟢 If Mitigated

Attackers can still probe for vulnerabilities but cannot execute code due to proper file upload restrictions and server hardening.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires minimal technical skill and is actively being exploited in the wild.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2.0

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/2904689/wpdirectorykit/trunk/vendor/Winter_MVC/core/mvc_loader.php

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find WP Directory Kit and click 'Update Now'.
4. Verify the version is 1.2.0 or higher.

🔧 Temporary Workarounds

Disable Plugin

Platform: all

Temporarily disable the WP Directory Kit plugin until patched.

wp plugin deactivate wpdirectorykit

Restrict File Uploads

Platform: linux

Configure the web server to block PHP execution in upload directories.

Add 'php_flag engine off' to .htaccess in upload directories (this directive is honored only when PHP runs as an Apache module; with PHP-FPM, deny the PHP handler for those directories in the server configuration instead).

🧯 If You Can't Patch

  • Immediately disable the WP Directory Kit plugin.
  • Implement web application firewall rules to block requests containing the 'wdk_public_action' parameter.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for WP Directory Kit version 1.1.9 or lower.

Check Version:

wp plugin get wpdirectorykit --field=version

Verify Fix Applied:

Confirm WP Directory Kit version is 1.2.0 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing the 'wdk_public_action' parameter with file-path values
  • Unexpected PHP file executions in upload directories

Network Indicators:

  • POST requests to wp-admin/admin-ajax.php with the 'wdk_public_action' parameter

SIEM Query:

source="web_logs" AND uri="*/admin-ajax.php" AND query="*wdk_public_action*"
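As an added defender-side example (not part of this advisory), the indicators above applied to web server access logs in Python: it parses combined-format lines, picks out admin-ajax.php requests that carry a wdk_public_action parameter, and marks values that look like file paths. The log lines are constructed samples; standard access logs do not contain POST bodies, so a parameter sent only in the body is caught here only if the query string carries it.

```python
"""Scan combined-format access logs for the CVE-2023-2278 indicators:
admin-ajax.php requests carrying a 'wdk_public_action' parameter."""
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" log line: ip ident user [time] "METHOD target PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Constructed sample lines; none come from a real incident.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2023:12:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=wdk_public_action&wdk_public_action=../../../../etc/passwd HTTP/1.1" 200 512
203.0.113.7 - - [10/May/2023:12:00:03 +0000] "POST /wp-admin/admin-ajax.php?wdk_public_action=wp-content/uploads/2023/05/x.txt HTTP/1.1" 200 88
198.51.100.2 - - [10/May/2023:12:01:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 31
198.51.100.9 - - [10/May/2023:12:02:00 +0000] "GET /index.php?p=12 HTTP/1.1" 200 7040
"""

# Heuristic: traversal sequences, directory separators or script-ish extensions
PATH_LIKE = re.compile(r'\.\./|/|\.(?:php|phtml|txt)$', re.I)


def classify(line):
    """Return None for a benign or unparseable line, else a finding dict."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m['target'])
    if not parts.path.endswith('/admin-ajax.php'):
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)
    if 'wdk_public_action' not in qs:
        return None  # a body-only parameter is invisible here (no POST body in access logs)
    value = qs['wdk_public_action'][0]
    return {
        'ip': m['ip'], 'method': m['method'], 'status': m['status'],
        'value': value, 'path_like': bool(PATH_LIKE.search(value)),
    }


def scan(log_text):
    """Return the findings for every matching line in the log text."""
    return [f for f in (classify(ln) for ln in log_text.splitlines()) if f]


if __name__ == '__main__':
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The third sample line (a bare POST to admin-ajax.php) is not flagged, which is exactly the gap that WAF or application-level logging closes.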
