CVE-2023-32244
📋 TL;DR
This vulnerability in the XTemos Woodmart Core WordPress plugin allows attackers to escalate privileges due to improper privilege management. Attackers can gain administrative access to WordPress sites running vulnerable versions. All WordPress installations using Woodmart Core versions up to 1.0.36 are affected.
💻 Affected Systems
- XTemos Woodmart Core WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover where attackers gain full administrative control, install backdoors, steal sensitive data, deface the site, or use it for further attacks.
Likely Case
Attackers gain administrative privileges to modify content, install malicious plugins/themes, or access sensitive user data.
If Mitigated
Limited impact if proper network segmentation, strong authentication, and monitoring are in place to detect and block privilege escalation attempts.
🎯 Exploit Status
Exploitation requires some level of access (subscriber or higher). The vulnerability is well-documented and simple to exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.37 or later
Vendor Advisory: https://patchstack.com/database/vulnerability/woodmart-core/wordpress-woodmart-core-plugin-1-0-36-privilege-escalation
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find Woodmart Core and update to version 1.0.37 or later. 4. Verify update completed successfully.
🔧 Temporary Workarounds
Disable Woodmart Core Plugin
allTemporarily disable the vulnerable plugin until patched
wp plugin deactivate woodmart-core
Restrict User Registration
allDisable new user registration to limit attack surface
Update WordPress Settings → General → Membership: Uncheck 'Anyone can register'
🧯 If You Can't Patch
- Implement strict network access controls to limit who can access WordPress admin interfaces
- Enable detailed logging and monitoring for user privilege changes and admin actions
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins → Woodmart Core versionCheck Version:
wp plugin list --name=woodmart-core --field=versionVerify Fix Applied:
Verify Woodmart Core version is 1.0.37 or higher in WordPress admin📡 Detection & Monitoring
Log Indicators:
- Unexpected user role changes in WordPress logs
- Multiple failed login attempts followed by successful admin login from new IP
- Administrative actions from previously non-admin users
Network Indicators:
- Unusual HTTP POST requests to WordPress admin-ajax.php or admin-post.php endpoints
- Traffic patterns suggesting privilege escalation attempts
SIEM Query:
source="wordpress.log" AND ("user role changed" OR "capabilities changed")