CVE-2024-10674
📋 TL;DR
The Th Shop Mania WordPress theme has a vulnerability that allows authenticated users with Subscriber-level access or higher to install arbitrary plugins without an authorization check. Because an attacker can then install a plugin with a known weakness and exploit it, this can lead to remote code execution and privilege escalation. All WordPress sites running this theme at version 1.4.9 or earlier are affected.
💻 Affected Systems
- Th Shop Mania WordPress Theme
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers achieve full site compromise through remote code execution, leading to data theft, defacement, or complete server takeover.
Likely Case
Attackers install malicious plugins to gain administrative access, steal sensitive data, or deploy backdoors for persistent access.
If Mitigated
With proper user role management and security controls, impact is limited to unauthorized plugin installations that can be detected and removed.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once credentials are obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.5.0 or later
Vendor Advisory: https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=247810%40th-shop-mania&new=247810%40th-shop-mania&sfp_email=&sfph_mail=
Restart Required: No
Instructions:
1. Update the Th Shop Mania theme to version 1.5.0 or later via the WordPress admin panel.
2. Verify the theme files are properly updated.
3. Test site functionality after the update.
🔧 Temporary Workarounds
Remove vulnerable theme
Switch to a different WordPress theme, then delete the Th Shop Mania theme files
wp theme delete th-shop-mania
Restrict user roles
Temporarily disable or restrict Subscriber and other low-privilege user accounts
🧯 If You Can't Patch
- Disable or remove the Th Shop Mania theme immediately
- Implement strict user access controls and monitor for suspicious plugin installations
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Appearance > Themes for Th Shop Mania theme version 1.4.9 or earlier
Check Version:
wp theme list --fields=name,status,version | grep th-shop-mania
Verify Fix Applied:
Verify theme version is 1.5.0 or later in WordPress admin panel
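The version check above is easy to get wrong with a plain string comparison (for example, "1.10.0" sorts before "1.5.0" lexicographically). The following shell script is an added example, not part of this advisory or the theme project: it parses the CSV output of `wp theme list --fields=name,status,version --format=csv` and reports whether the installed Th Shop Mania version is below the patched 1.5.0 release. It assumes GNU `sort` (for `sort -V`); the embedded sample output is constructed for the demonstration.

```shell
# Added example, not from the advisory: decide from `wp theme list` output
# whether the installed Th Shop Mania version is below the patched 1.5.0.
# Assumes GNU sort (for `sort -V`) and the CSV output of
#   wp theme list --fields=name,status,version --format=csv
PATCHED_VERSION="1.5.0"
THEME_SLUG="th-shop-mania"

# version_lt A B: succeed (exit 0) when version A is strictly lower than B.
# sort -V orders dotted versions numerically, so 1.4.9 < 1.5.0 < 1.10.0,
# which a plain string comparison would get wrong.
version_lt() {
  [ "$1" != "$2" ] || return 1
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_theme_csv CSV_TEXT: print one of
#   not-installed | vulnerable (<ver> < 1.5.0) | patched (<ver>)
check_theme_csv() {
  row=$(printf '%s\n' "$1" | grep "^${THEME_SLUG}," || true)
  if [ -z "$row" ]; then
    echo "not-installed"
    return 0
  fi
  version=${row##*,}        # last CSV column is the version
  if version_lt "$version" "$PATCHED_VERSION"; then
    echo "vulnerable ($version < $PATCHED_VERSION)"
  else
    echo "patched ($version)"
  fi
}

# Constructed sample output, as a site still on the affected release would print it.
SAMPLE_VULNERABLE='name,status,version
twentytwentyfour,inactive,1.1
th-shop-mania,active,1.4.9'

# On a live site the call would be:
#   check_theme_csv "$(wp theme list --fields=name,status,version --format=csv)"
check_theme_csv "$SAMPLE_VULNERABLE"
```

The script deliberately treats "not installed" as a distinct outcome from "patched", so an audit across many sites does not silently count a site where the theme was removed as one that was updated.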
📡 Detection & Monitoring
Log Indicators:
- Unauthorized plugin installation attempts
- Suspicious user activity from Subscriber accounts
- New plugin installations without administrator approval
Network Indicators:
- HTTP POST requests to the theme's notification callback (the lib/notification/notify.php file listed in the references) from non-administrator sessions
- Unusual plugin installation traffic patterns
SIEM Query:
source="wordpress" AND (event="plugin_install" OR event="theme_callback") AND user_role="subscriber"
🔗 References
- https://themes.svn.wordpress.org/th-shop-mania/1.4.9/lib/notification/notify.php
- https://themes.trac.wordpress.org/browser/th-shop-mania/1.4.9/lib/notification/notify.php
- https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=247810%40th-shop-mania&new=247810%40th-shop-mania&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b7832d37-19a9-491b-879e-4a22f2ba46ec?source=cve