CVE-2024-10629
📋 TL;DR
The GPX Viewer WordPress plugin allows authenticated attackers with subscriber-level access or higher to create arbitrary files on the server due to missing security checks. This vulnerability can lead to remote code execution on affected WordPress sites. All WordPress sites using GPX Viewer version 2.2.8 or earlier are vulnerable.
💻 Affected Systems
- GPX Viewer WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete server compromise, data theft, malware deployment, or site defacement.
Likely Case
Unauthorized file creation leading to backdoor installation, privilege escalation, or data exfiltration.
If Mitigated
Limited impact if proper file permissions, web application firewalls, and authentication controls are in place.
🎯 Exploit Status
Exploitation requires authenticated access but only subscriber-level privileges, which are commonly available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.2.9
Vendor Advisory: https://plugins.trac.wordpress.org/browser/gpx-viewer/tags/2.2.9/gpx-viewer-admin.php#L144
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find GPX Viewer and click 'Update Now'.
4. Verify the version shows 2.2.9 or higher.
🔧 Temporary Workarounds
Disable GPX Viewer Plugin
Temporarily disable the vulnerable plugin until patching is possible.
wp plugin deactivate gpx-viewer
Restrict User Registration
Disable new user registration to prevent attacker account creation.
Settings → General → Membership → Uncheck 'Anyone can register'
🧯 If You Can't Patch
- Remove subscriber role from all non-essential users
- Implement web application firewall rules to block file upload attempts to the vulnerable endpoint
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → GPX Viewer version. If version is 2.2.8 or lower, you are vulnerable.
Check Version:
wp plugin get gpx-viewer --field=version
Verify Fix Applied:
After updating, verify GPX Viewer shows version 2.2.9 or higher in WordPress plugins list.
📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=gpxv_file_upload
- Unauthorized file creation in uploads directory
- PHP file uploads from non-admin users
Network Indicators:
- HTTP POST requests containing file uploads to admin-ajax.php endpoint
- Suspicious file types being uploaded via WordPress
SIEM Query:
source="web_logs" AND uri="/wp-admin/admin-ajax.php" AND method="POST" AND params.action="gpxv_file_upload"
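The version check from "How to Verify" and the log indicators from "Detection & Monitoring", worked through as an added Python example (not part of the original advisory). It compares the string printed by `wp plugin get gpx-viewer --field=version` against the 2.2.9 fix, and it runs the admin-ajax.php / action=gpxv_file_upload match over a few constructed combined-format access-log lines; the log lines and IPs are made up for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

FIXED_VERSION = (2, 2, 9)          # first GPX Viewer release carrying the fix
VULN_ACTION = "gpxv_file_upload"   # admin-ajax action named under Log Indicators

# Constructed Apache/nginx "combined" access-log lines, not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Nov/2024:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=gpxv_file_upload HTTP/1.1" 200 152 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Nov/2024:10:01:03 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 52 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Nov/2024:10:02:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 30 "-" "curl/8.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def is_vulnerable(version):
    # Input is the `wp plugin get gpx-viewer --field=version` string; numeric compare keeps 2.2.10 > 2.2.9.
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts < FIXED_VERSION

def parse_line(line):
    # Split one combined-format line into the fields the detection needs.
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    return {"ip": m.group("ip"), "ts": m.group("ts"), "method": m.group("method"),
            "path": url.path, "query": parse_qs(url.query), "status": int(m.group("status"))}

def triage_admin_ajax(log_text):
    # hits: POST to admin-ajax.php whose query string names the vulnerable action.
    # unresolved: POST to admin-ajax.php with no action in the query string. WordPress normally
    # carries the action in the POST body, which a plain access log does not record, so these
    # need WAF or request-body logging to confirm and should be reviewed rather than dropped.
    hits, unresolved = [], []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        if not rec["path"].endswith("/wp-admin/admin-ajax.php"):
            continue
        actions = rec["query"].get("action", [])
        if VULN_ACTION in actions:
            hits.append(rec)
        elif not actions:
            unresolved.append(rec)
    return hits, unresolved
```

The SIEM query above only catches the action when it is visible to the web server log; the `unresolved` list is where body-carried actions end up, so pair it with WAF or ModSecurity audit logs for full coverage.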