CVE-2023-33318

9.9 CRITICAL

📋 TL;DR

This vulnerability allows attackers to upload arbitrary files to WordPress sites using vulnerable versions of the AutomateWoo plugin for WooCommerce. Attackers can upload malicious files like PHP shells to gain remote code execution. All WordPress sites with AutomateWoo versions up to 4.9.40 are affected.

💻 Affected Systems

Products:
  • WordPress AutomateWoo plugin (formerly WooCommerce Follow-up Emails)
Versions: All versions up to and including 4.9.40
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WooCommerce to be installed. No special configuration needed for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete server compromise leading to data theft, ransomware deployment, or website defacement.

🟠 Likely Case: Remote code execution allowing attackers to install backdoors, steal sensitive data, or pivot to other systems.

🟢 If Mitigated: File upload attempts blocked, but attackers may still attempt exploitation.

🌐 Internet-Facing: HIGH - WordPress sites are typically internet-facing and this allows unauthenticated file uploads.
🏢 Internal Only: MEDIUM - Internal WordPress instances could still be compromised if accessible to attackers.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is trivial with publicly available proof-of-concept code. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.9.41 and later

Vendor Advisory: https://patchstack.com/database/vulnerability/woocommerce-follow-up-emails/wordpress-woocommerce-follow-up-emails-plugin-4-9-40-arbitrary-file-upload-vulnerability

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Go to Plugins → Installed Plugins.
3. Find AutomateWoo.
4. Click 'Update Now' if available.
5. If no update shows, manually download version 4.9.41+ from WordPress.org and replace the plugin files.

🔧 Temporary Workarounds

Disable AutomateWoo plugin (platform: all)

Temporarily disable the vulnerable plugin until patched:

wp plugin deactivate automatewoo

Restrict file uploads via .htaccess (platform: linux)

Block PHP file uploads to WordPress uploads directory. Add to .htaccess in wp-content/uploads:

<Files *.php>
deny from all
</Files>

Note: this only takes effect on Apache with .htaccess overrides enabled (it does nothing on nginx). "deny from all" is Apache 2.2 syntax; on Apache 2.4 the equivalent is "Require all denied". The rule prevents uploaded PHP files from being served or executed, it does not stop the upload itself, so keep it as a stopgap alongside patching.

🧯 If You Can't Patch

  • Disable the AutomateWoo plugin immediately
  • Implement web application firewall rules to block file uploads to vulnerable endpoints

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → AutomateWoo version. If version is 4.9.40 or lower, you are vulnerable.

Check Version:

wp plugin get automatewoo --field=version

Verify Fix Applied:

Verify AutomateWoo version is 4.9.41 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /wp-content/uploads/ directory
  • POST requests to AutomateWoo endpoints with file parameters
  • PHP file creation in uploads directory

Network Indicators:

  • HTTP POST requests with file uploads to AutomateWoo endpoints
  • Unexpected outbound connections from web server after file upload

SIEM Query:

source="web_logs" AND (uri_path="/wp-admin/admin-ajax.php" OR uri_path CONTAINS "automatewoo") AND method="POST" AND (params CONTAINS "file" OR params CONTAINS "upload")
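As an added example, not part of this advisory: a small Python check that applies the two log indicators above (the SIEM query's POST-with-upload-params rule and the "PHP file in uploads directory" rule) to constructed access-log lines. The sample lines and the parameter names in them are made up for illustration, not taken from the plugin.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in Apache/nginx combined log format (not real traffic).
# The query parameters are hypothetical; they only exist to exercise the rules.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2023:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=automatewoo&file=x.php HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.5 - - [10/Jun/2023:12:00:03 +0000] "GET /wp-content/uploads/2023/06/x.php HTTP/1.1" 200 97 "-" "curl/8.0"
198.51.100.7 - - [10/Jun/2023:12:01:00 +0000] "GET /wp-content/plugins/automatewoo/assets/style.css HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jun/2023:12:02:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 30 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def classify(line):
    """Return a verdict string for one log line, or None if it is benign."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    path, params = parts.path.lower(), parts.query.lower()
    # Rule 1 mirrors the SIEM query: POST to admin-ajax.php or an automatewoo
    # path with "file"/"upload" in the parameters. Access logs only record the
    # query string, so body-only upload parameters need WAF or application logs.
    if m["method"] == "POST" and (
        path == "/wp-admin/admin-ajax.php" or "automatewoo" in path
    ) and ("file" in params or "upload" in params):
        return "suspicious-upload"
    # Rule 2: a PHP file being requested from the uploads directory, which
    # should never serve executable code.
    if path.startswith("/wp-content/uploads/") and path.endswith(".php"):
        return "php-in-uploads"
    return None


def scan(log_text):
    """Return (client_ip, verdict, path) for every line that trips a rule."""
    hits = []
    for line in log_text.splitlines():
        verdict = classify(line)
        if verdict:
            m = LOG_RE.match(line)
            hits.append((m["ip"], verdict, urlsplit(m["target"]).path))
    return hits


if __name__ == "__main__":
    for ip, verdict, path in scan(SAMPLE_LOG):
        print(f"{ip}\t{verdict}\t{path}")
```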
