CVE-2024-10590
📋 TL;DR
The Opt-In Downloads WordPress plugin allows authenticated attackers with Subscriber-level access or higher to upload arbitrary files due to missing file type validation. This vulnerability can lead to remote code execution, particularly on NGINX servers. All WordPress sites using this plugin up to version 4.07 are affected.
💻 Affected Systems
- Opt-In Downloads WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete server compromise, data theft, and persistent backdoor installation.
Likely Case
Unauthorized file uploads enabling web shell deployment and limited server access.
If Mitigated
File uploads blocked or contained with proper validation and server hardening.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once credentials are obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.08 or later
Vendor Advisory: https://codecanyon.net/item/subscribe-download/2687305
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins > Installed Plugins
3. Find Opt-In Downloads plugin
4. Click 'Update Now' if update available
5. If no update available, deactivate and remove plugin immediately
🔧 Temporary Workarounds
Disable plugin (all platforms)
Deactivate and remove the vulnerable plugin:
wp plugin deactivate opt-in-downloads
wp plugin delete opt-in-downloads
Restrict file uploads (Linux)
Add server-side file type validation:
# Add to .htaccess for Apache:
# (on Apache 2.4 without mod_access_compat, replace the Order/Deny lines with "Require all denied")
<FilesMatch "\.(php|phtml|php3|php4|php5|phps|pl|py|jsp|asp|sh|cgi)$">
Order Allow,Deny
Deny from all
</FilesMatch>
🧯 If You Can't Patch
- Remove Subscriber upload capabilities via user role editor
- Implement web application firewall with file upload filtering
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Opt-In Downloads version. If version is 4.07 or lower, you are vulnerable.
Check Version:
wp plugin get opt-in-downloads --field=version
Verify Fix Applied:
Verify plugin version is 4.08 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to wp-content/uploads/opt-in-downloads/
- PHP/executable files in upload directories
- Multiple failed login attempts followed by successful Subscriber login
Network Indicators:
- POST requests to /wp-admin/admin-ajax.php with file upload parameters
- Unusual outbound connections from web server
SIEM Query:
source="web_logs" AND (uri="/wp-admin/admin-ajax.php" AND action="admin_upload") AND (file_extension="php" OR file_extension="phtml" OR file_extension="jsp")
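To act on the log indicators above (executable files in upload directories and unusual uploads under wp-content/uploads/opt-in-downloads/), here is an added Python example that is not part of this advisory or the plugin: it walks an uploads tree and flags executable extensions anywhere in a filename as well as PHP open tags inside files with harmless-looking extensions. The extension list is the one from the .htaccess workaround, and the uploads tree it scans is constructed inside the script.

```python
"""Added example for this advisory (not code from the plugin or WordPress):
scan an uploads tree for files that the Log Indicators above call out,
namely executable extensions in upload directories and PHP code hiding
behind a harmless-looking extension. The uploads tree is constructed."""
import os
import re
import tempfile

# Same extension list as the .htaccess workaround; a match anywhere in the
# name (shell.php.jpg) counts, not only the final extension.
EXEC_EXT = re.compile(
    r"\.(php|phtml|php3|php4|php5|phps|pl|py|jsp|asp|sh|cgi)(\.|$)", re.I)
PHP_TAG = re.compile(rb"<\?(php|=)")  # <?php or the short echo tag <?=


def find_suspicious_uploads(root):
    """Return sorted (relative_path, reason) pairs for files under root."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if EXEC_EXT.search(name):
                hits.append((rel, "executable extension"))
                continue
            with open(path, "rb") as fh:
                head = fh.read(4096)  # first 4 KiB is enough for quick triage
            if PHP_TAG.search(head):
                hits.append((rel, "php open tag in non-php file"))
    return sorted(hits)


def demo():
    """Build a constructed uploads tree, scan it, and return the hits."""
    with tempfile.TemporaryDirectory() as root:
        sub = os.path.join(root, "opt-in-downloads")  # path from the advisory
        os.makedirs(sub)
        samples = {  # constructed sample files: two benign, three suspicious
            "report.pdf": b"%PDF-1.4 legitimate download",
            "notes.txt": b"plain text release notes",
            "cmd.php": b"<?php echo 1;",
            "photo.php.jpg": b"\xff\xd8\xff",
            "image.jpg": b"GIF89a<?php echo 2;",
        }
        for name, data in samples.items():
            with open(os.path.join(sub, name), "wb") as fh:
                fh.write(data)
        return find_suspicious_uploads(root)
```

Point find_suspicious_uploads at a real wp-content/uploads directory to run it against a site; anything it returns should not be there and warrants an incident-response look.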