CVE-2024-10516
📋 TL;DR
The Swift Performance Lite WordPress plugin contains a Local File Inclusion vulnerability in its 'ajaxify' function, allowing unauthenticated attackers to include and execute arbitrary PHP files on the server. This can lead to remote code execution, data theft, and access control bypass. All WordPress sites using Swift Performance Lite version 2.3.7.1 or earlier are affected.
💻 Affected Systems
- Swift Performance Lite WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise leading to data exfiltration, ransomware deployment, or persistent backdoor installation
Likely Case
Unauthenticated attackers executing arbitrary PHP code to deface websites, steal sensitive data, or install cryptocurrency miners
If Mitigated
Limited impact if file uploads are restricted and server permissions are properly configured
🎯 Exploit Status
Exploitation is straightforward via HTTP requests to vulnerable endpoints
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.3.7.2
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3201933/
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find Swift Performance Lite
4. Click 'Update Now' if available
5. If not, download version 2.3.7.2+ from WordPress repository
6. Deactivate old version
7. Upload and activate new version
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily deactivate Swift Performance Lite plugin until patched
wp plugin deactivate swift-performance-lite
Restrict file uploads
linuxConfigure web server to block PHP file uploads in upload directories
location ~ \.php$ { deny all; }
🧯 If You Can't Patch
- Implement Web Application Firewall (WAF) rules to block requests containing file inclusion patterns
- Restrict network access to WordPress admin interface and implement IP whitelisting
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Swift Performance Lite version numberCheck Version:
wp plugin get swift-performance-lite --field=versionVerify Fix Applied:
Verify plugin version is 2.3.7.2 or higher in WordPress admin panel📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /wp-admin/admin-ajax.php with 'action=swift_performance_ajaxify' and file inclusion parameters
- Unusual PHP file execution in upload directories
Network Indicators:
- POST requests to admin-ajax.php with file path parameters
- Unexpected outbound connections from web server
SIEM Query:
source="web_access.log" AND uri="/wp-admin/admin-ajax.php" AND query="*action=swift_performance_ajaxify*" AND (query="*file=*" OR query="*path=*")🔗 References
- https://plugins.trac.wordpress.org/browser/swift-performance-lite/trunk/includes/classes/class.ajax.php#L795
- https://plugins.trac.wordpress.org/browser/swift-performance-lite/trunk/includes/classes/class.ajax.php#L824
- https://plugins.trac.wordpress.org/changeset/3201933/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4921f41a-a9b1-4ae2-a903-c14ed22dcc15?source=cve
