CVE-2024-0212

8.1 HIGH

📋 TL;DR

The Cloudflare WordPress plugin has an improper authentication vulnerability that allows attackers with lower-privileged WordPress accounts to access Cloudflare API data. This affects WordPress sites using vulnerable versions of the Cloudflare plugin. Attackers could potentially view or modify Cloudflare settings without proper authorization.

💻 Affected Systems

Products:
  • Cloudflare WordPress Plugin
Versions: before 4.12.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress installations with the Cloudflare plugin installed and activated.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could modify Cloudflare settings, potentially disabling security features, redirecting traffic, or exposing sensitive site configuration data.

🟠 Likely Case

Attackers with contributor or author-level access could view Cloudflare API keys and configuration data, potentially enabling further attacks against the Cloudflare account.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to unauthorized data viewing rather than configuration changes.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires at least contributor-level WordPress account access. Exploitation is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.12.3

Vendor Advisory: https://github.com/cloudflare/Cloudflare-WordPress/security/advisories/GHSA-h2fj-7r3m-7gf2

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Cloudflare plugin.
4. Click 'Update Now' if available, or download v4.12.3 from the WordPress plugin repository.
5. Activate the updated plugin.

🔧 Temporary Workarounds

Temporary Plugin Deactivation (applies to: all)

Disable the Cloudflare plugin until patching is possible:

wp plugin deactivate cloudflare

Restrict WordPress User Roles (applies to: all)

Limit untrusted accounts to the subscriber role only.

🧯 If You Can't Patch

  • Implement strict WordPress user role management, limiting accounts to subscriber role only
  • Enable Cloudflare API audit logging and monitor for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins → Cloudflare version number

Check Version:

wp plugin get cloudflare --field=version

Verify Fix Applied:

Verify Cloudflare plugin version is 4.12.3 or higher in WordPress admin
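Added example (not part of the advisory): a shell check that compares the wp-cli-reported plugin version against the fixed release 4.12.3. The function names `is_fixed` and `check_installed` are chosen here, and GNU `sort -V` is assumed to be available; the point is that a plain string comparison would wrongly treat 4.9.9 as newer than 4.12.3.

```shell
#!/bin/sh
# Added example, not from the advisory: decide whether an installed
# Cloudflare plugin version is fixed for CVE-2024-0212 (fixed in 4.12.3).
FIXED_VERSION="4.12.3"

# version_ge A B: exit 0 if dotted version A >= B, 1 otherwise.
# Uses GNU `sort -V` (assumed available) so 4.9.9 < 4.12.3 is handled
# correctly; a lexical comparison would get this wrong.
version_ge() {
    # If A sorts last (or A equals B), then A >= B.
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# is_fixed VERSION: print "fixed" or "vulnerable" for the given version.
is_fixed() {
    if version_ge "$1" "$FIXED_VERSION"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# check_installed: query the live site with wp-cli and report the result.
# Returns 2 if the plugin is not installed or wp-cli is unavailable.
check_installed() {
    ver="$(wp plugin get cloudflare --field=version 2>/dev/null)" || {
        echo "cloudflare plugin not installed or wp-cli unavailable"
        return 2
    }
    echo "cloudflare $ver: $(is_fixed "$ver")"
}

# Run `check_installed` from the WordPress install directory on the site.
```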

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized Cloudflare API calls from non-admin WordPress users
  • Multiple failed authentication attempts to Cloudflare endpoints

Network Indicators:

  • Unusual API requests to Cloudflare endpoints from WordPress server

SIEM Query:

source="wordpress" AND (event="cloudflare_api_call" AND user_role!="administrator")
