CVE-2024-10585
📋 TL;DR
The InfiniteWP Client WordPress plugin contains a path traversal vulnerability in its debug-chart/index.php script that allows unauthenticated attackers to read .txt files outside the intended directory. This affects all WordPress sites running InfiniteWP Client versions up to and including 1.13.0. Any .txt file the web server user can read, including debug or log files that carry configuration details, can be retrieved.
💻 Affected Systems
- InfiniteWP Client WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers read .txt files anywhere the web server user has access, such as logs or exported configuration containing credentials, and use that information for further compromise.
Likely Case
Attackers read debug logs or plugin data files that expose partial system information (paths, versions, hostnames) or plugin state.
If Mitigated
Limited to reading only .txt files in accessible directories with no sensitive content.
🎯 Exploit Status
Exploitation needs only a crafted, unauthenticated HTTP GET request to the debug-chart endpoint. Public exploit code is available in the vulnerability references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.13.1
Vendor Advisory (fix changeset): https://plugins.trac.wordpress.org/changeset/3202851/iwp-client/trunk/debug-chart/index.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the InfiniteWP Client plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 1.13.1 or later from the WordPress plugin repository and replace the plugin files.
🔧 Temporary Workarounds
Block access to the debug-chart directory
Block access to the vulnerable debug-chart directory via web server configuration, then reload the web server. This only disables the plugin's debug chart view.
# For Apache 2.4: add to the site's VirtualHost configuration (<Location> is not permitted in .htaccess)
<Location "/wp-content/plugins/iwp-client/debug-chart/">
Require all denied
</Location>
# Apache 2.2 uses "Order deny,allow" followed by "Deny from all" inside the same <Location> block
# For Nginx: add to the server block. The ^~ modifier makes this prefix match take precedence
# over the usual "location ~ \.php$" block, which would otherwise hand the request to PHP-FPM.
location ^~ /wp-content/plugins/iwp-client/debug-chart/ {
deny all;
}
Deactivate plugin
Temporarily disable the InfiniteWP Client plugin with WP-CLI (this also interrupts remote management of the site through InfiniteWP):
wp plugin deactivate iwp-client
🧯 If You Can't Patch
- Remove the InfiniteWP Client plugin entirely if it is not needed
- Add web application firewall rules that block path traversal patterns (literal '../', URL-encoded '..%2f' and double-encoded '%252e%252e%252f') in requests to the debug-chart endpoint
🔍 How to Verify
Check if Vulnerable:
Confirm that /wp-content/plugins/iwp-client/debug-chart/index.php is reachable over HTTP, then request it with a historyID parameter containing '../' sequences that point at a harmless .txt file you control outside the plugin directory; a vulnerable version returns that file's contents.
Check Version:
wp plugin get iwp-client --field=version
Verify Fix Applied:
Verify that the plugin version is 1.13.1 or higher and that the same traversal request no longer returns file contents (an error response or empty output is expected).
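To run the version check across an inventory rather than one site, here is an added Python helper (it is not from this page or the plugin) that compares the output of `wp plugin get iwp-client --field=version` against the 1.13.1 fix version numerically. The site names and versions in SITES are constructed; the point it makes is that a plain string comparison misorders 1.9.x against 1.13.x and would report a vulnerable site as patched.

```python
import re

FIXED_IN = (1, 13, 1)   # first patched release named in the advisory

_NUM_RE = re.compile(r"\d+")


def parse_version(text):
    """'1.13.0' -> (1, 13, 0). A trailing tag such as '1.13.1-beta2' keeps its numeric core."""
    text = text.strip()
    parts = []
    for piece in text.split("."):
        m = _NUM_RE.match(piece)
        if m is None:
            break
        parts.append(int(m.group()))
    if not parts:
        raise ValueError(f"not a version string: {text!r}")
    return tuple(parts)


def compare(a, b):
    """Component-wise numeric comparison with zero padding, so (1, 13) == (1, 13, 0)."""
    width = max(len(a), len(b))
    a = a + (0,) * (width - len(a))
    b = b + (0,) * (width - len(b))
    return (a > b) - (a < b)


def is_vulnerable(version_text):
    """True when the installed release is older than the fix version."""
    return compare(parse_version(version_text), FIXED_IN) < 0


def triage(sites):
    """sites: {site_name: output of `wp plugin get iwp-client --field=version`}.
    Returns the sites still on a vulnerable release, sorted by name."""
    return sorted(name for name, ver in sites.items() if is_vulnerable(ver))


def string_compare_misjudges():
    """Plain string comparison orders '1.9.4' after '1.13.1', i.e. calls it patched."""
    return "1.9.4" >= "1.13.1"


# Constructed inventory (hypothetical site names and versions, not real data).
SITES = {
    "shop.example": "1.13.0",
    "blog.example": "1.13.1",
    "docs.example": "1.9.4",
    "intranet.example": "1.13.10",
}

if __name__ == "__main__":
    print("needs patching:", triage(SITES))
    print("string compare calls 1.9.4 patched:", string_compare_misjudges())
```

Feed triage() whatever your inventory tooling returns per site; a version of "1.13" (no patch component) is treated as 1.13.0 and therefore vulnerable.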
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /wp-content/plugins/iwp-client/debug-chart/index.php with '../' sequences in parameters
- Repeated requests from one source that vary the historyID value (different numbers of '../' or different encodings), regardless of HTTP status; a 200 response with a non-trivial body size suggests a successful read
Network Indicators:
- Unusual GET requests containing path traversal patterns to the debug-chart endpoint
SIEM Query:
source="web_access_logs" AND uri="/wp-content/plugins/iwp-client/debug-chart/index.php" AND (query="*../*" OR query="*..%2f*" OR query="*..%5c*" OR query="*%2e%2e*")
Field names follow a typical access-log schema; adjust them to yours and match case-insensitively so that %2F and %2E variants are also caught.
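As an added example (not part of the original advisory or of the plugin's code), the following Python script applies the log indicators above to a few constructed Apache/Nginx combined-format access-log lines. It confines the match to the debug-chart endpoint, decodes percent-encoding repeatedly so that double-encoded %252e%252e%252f is caught as well as literal ../ and ..%2f, and counts attempts per source address. The log lines and IP addresses are constructed; historyID is the parameter named in the verification steps above.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoint named in the advisory; compared case-sensitively, as on a Linux filesystem.
TARGET_PATH = "/wp-content/plugins/iwp-client/debug-chart/index.php"

# Traversal after decoding: "../" or "..\" anywhere in a parameter value.
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")

# Combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)


def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding (%252e -> %2e -> .) so double encoding is not a bypass."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_target(target):
    """None if the request is not for the debug-chart endpoint; otherwise the list of
    (parameter, decoded value) pairs whose value contains a traversal sequence."""
    parts = urlsplit(target)
    if parts.path.rstrip("/") != TARGET_PATH:
        return None
    hits = []
    # parse_qsl already strips one layer of percent-encoding; decode_fully handles the rest.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = decode_fully(value)
        if TRAVERSAL_RE.search(decoded):
            hits.append((name, decoded))
    return hits


def scan_log(lines):
    """One alert dict per request that carries a traversal sequence to the endpoint."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = inspect_target(m.group("target"))
        if hits:
            alerts.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "status": m.group("status"),
                "size": m.group("size"),
                "hits": hits,
            })
    return alerts


def attempts_by_ip(alerts):
    """Repeated attempts from one source are the 'multiple attempts' indicator."""
    return Counter(a["ip"] for a in alerts)


# Constructed sample log lines (not real traffic): a benign request, three traversal
# attempts with increasing encoding, and one traversal against an unrelated path.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Nov/2024:10:01:02 +0000] "GET /wp-content/plugins/iwp-client/debug-chart/index.php?historyID=2024-11-09 HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Nov/2024:10:01:05 +0000] "GET /wp-content/plugins/iwp-client/debug-chart/index.php?historyID=../../../../../../etc/hostname HTTP/1.1" 200 40 "-" "curl/8.0"
203.0.113.7 - - [10/Nov/2024:10:01:09 +0000] "GET /wp-content/plugins/iwp-client/debug-chart/index.php?historyID=..%2F..%2F..%2Fwp-content%2Fdebug HTTP/1.1" 200 5120 "-" "curl/8.0"
203.0.113.7 - - [10/Nov/2024:10:01:12 +0000] "GET /wp-content/plugins/iwp-client/debug-chart/index.php?historyID=%252e%252e%252f%252e%252e%252fdebug HTTP/1.1" 404 210 "-" "python-requests/2.31"
198.51.100.4 - - [10/Nov/2024:10:02:00 +0000] "GET /wp-content/uploads/notes/../readme.txt HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG.splitlines())
    for a in found:
        print(a["ts"], a["ip"], a["status"], a["size"], a["hits"])
    print(dict(attempts_by_ip(found)))
```

The status and size fields are kept in each alert on purpose: a 200 with a body larger than the plugin's normal chart output is the line to escalate, while a burst of 404s from one address still shows someone probing for the endpoint.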