CVE-2024-10763
📋 TL;DR
The Campress WordPress theme contains a Local File Inclusion vulnerability that allows unauthenticated attackers to include and execute arbitrary PHP files on the server. This can lead to remote code execution, data theft, and complete system compromise. All WordPress sites using Campress theme version 1.35 or earlier are affected.
💻 Affected Systems
- Campress WordPress Theme
📦 What is this software?
Campress by Apuswp
⚠️ Risk & Real-World Impact
Worst Case
Complete server takeover via remote code execution, data exfiltration, installation of persistent backdoors, and lateral movement to other systems.
Likely Case
Website defacement, credential theft, installation of cryptocurrency miners or malware, and data breach of sensitive information.
If Mitigated
Limited impact if file uploads are restricted and web server runs with minimal privileges, though information disclosure may still occur.
🎯 Exploit Status
Simple HTTP requests can trigger the vulnerability via the campress_woocommerce_get_ajax_products function.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.35
Vendor Advisory: https://themeforest.net/item/campress-responsive-education-courses-and-events-wordpress-theme/19355619
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Appearance > Themes.
3. Check whether a Campress theme update is available.
4. Update to the latest version.
5. Clear the WordPress cache if applicable.
🔧 Temporary Workarounds
Disable vulnerable function
Remove or disable the campress_woocommerce_get_ajax_products function in the theme files
# Locate theme directory: wp-content/themes/campress
# Backup theme files first
# Edit functions.php or relevant theme file to remove/comment out vulnerable function
Web Application Firewall rule
Block requests containing local file inclusion patterns
# Example ModSecurity rule; t:urlDecodeUni normalises encoded traversal sequences (e.g. %2e%2e%2f) before matching
SecRule ARGS "\.\./" "id:1001,phase:2,deny,t:urlDecodeUni,msg:'Local File Inclusion attempt'"
🧯 If You Can't Patch
- Immediately disable or remove the Campress theme and switch to a secure alternative
- Implement strict file upload restrictions and disable PHP execution in upload directories
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Appearance > Themes for Campress theme version 1.35 or earlier
Check Version:
grep -r "Version:" wp-content/themes/campress/style.css
Verify Fix Applied:
Verify that the theme version is later than 1.35 and test that the campress_woocommerce_get_ajax_products function no longer accepts file path parameters
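The grep above only prints the version line; the following script, an added example that is not part of the advisory or the theme vendor's code, parses the standard WordPress theme header in style.css and compares the version numerically against 1.35 (so that 1.4 is correctly treated as older than 1.35). The sample header, the "Campress" theme-name match and the wp-content/themes path are constructed assumptions.

```python
"""Find installed copies of the Campress theme and report whether the
version is 1.35 or earlier (the range the advisory marks vulnerable).

Added example, not from the advisory or the theme vendor. It reads the
standard WordPress theme header in style.css; the sample header and the
theme path are constructed for illustration.
"""
import re
from pathlib import Path

VULNERABLE_MAX = "1.35"          # last affected version per the advisory

# Constructed sample of a WordPress theme header (not the vendor's file).
SAMPLE_STYLE_CSS = """\
/*
Theme Name: Campress
Author: Apuswp
Version: 1.35
*/
"""


def parse_theme_header(css_text):
    """Return the Theme Name / Version fields from a style.css header."""
    header = {}
    for key in ("Theme Name", "Version"):
        m = re.search(rf"^\s*{re.escape(key)}:\s*(.+?)\s*$", css_text, re.MULTILINE)
        if m:
            header[key] = m.group(1)
    return header


def version_tuple(version):
    """Split a dotted version into integers so 1.4 < 1.35 < 1.36 compares correctly."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_vulnerable(version):
    """True when the version is 1.35 or earlier."""
    return version_tuple(version) <= version_tuple(VULNERABLE_MAX)


def assess_header(css_text):
    """Classify one style.css: returns (theme_name, version, vulnerable).

    vulnerable is None when the header is not Campress or has no version.
    """
    header = parse_theme_header(css_text)
    name = header.get("Theme Name", "")
    version = header.get("Version")
    if name.lower() != "campress" or version is None:
        return name, version, None
    return name, version, is_vulnerable(version)


def scan_themes(themes_root):
    """Walk wp-content/themes and assess every style.css that names Campress."""
    results = []
    for css in Path(themes_root).glob("*/style.css"):
        name, version, vulnerable = assess_header(css.read_text(errors="replace"))
        if name.lower() == "campress":
            results.append((str(css.parent), version, vulnerable))
    return results


if __name__ == "__main__":
    # Hypothetical path; adjust to the site's WordPress root.
    for path, version, vulnerable in scan_themes("/var/www/html/wp-content/themes"):
        state = "VULNERABLE" if vulnerable else ("patched" if vulnerable is False else "unknown")
        print(f"{path}: version {version} -> {state}")
```

Numeric comparison matters here: a plain string comparison would rank "1.4" above "1.35" and wrongly report an old install as patched. A version reported as "unknown" (no Version header, or a renamed theme) should be checked by hand.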
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /wp-admin/admin-ajax.php with action=campress_woocommerce_get_ajax_products containing file path parameters
- Unusual file inclusion attempts in web server logs
- PHP errors related to file inclusion
Network Indicators:
- POST requests with file path traversal sequences (../) to WordPress AJAX endpoints
- Unusual outbound connections from web server after exploitation
SIEM Query:
source="web_logs" AND uri="/wp-admin/admin-ajax.php" AND (params.action="campress_woocommerce_get_ajax_products" OR params CONTAINS "../")
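For sites without a SIEM, the same indicators can be checked directly against the web server access log. The script below is an added example, not part of the advisory; it assumes the Apache/nginx "combined" log format, and the four log lines are constructed samples rather than real traffic. It mirrors the SIEM query above: it flags admin-ajax.php requests whose action is campress_woocommerce_get_ajax_products, and any request whose query parameters contain a traversal sequence, decoding URL encoding repeatedly so that double-encoded sequences (%252F) are not missed.

```python
"""Flag access-log requests that match the CVE-2024-10763 log indicators.

Added example, not part of the advisory or the Campress theme. It assumes
Apache/nginx "combined" access-log format; the sample lines below are
constructed, not real traffic.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample log lines (combined format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Nov/2024:12:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=campress_woocommerce_get_ajax_products&template=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.6 - - [10/Nov/2024:12:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 64 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Nov/2024:12:00:03 +0000] "GET /index.php?p=..%252F..%252Fwp-config.php HTTP/1.1" 404 120 "-" "curl/8.0"
203.0.113.8 - - [10/Nov/2024:12:00:04 +0000] "GET /wp-admin/admin-ajax.php?action=campress_woocommerce_get_ajax_products&cat=12 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Combined log format: client, identd, user, [timestamp], "METHOD target PROTO", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)
VULN_ACTION = "campress_woocommerce_get_ajax_products"
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")


def decode_until_stable(value, limit=3):
    """Undo nested URL encoding (a few rounds) so %252F becomes '/'."""
    for _ in range(limit):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_request(target):
    """Return the indicator names triggered by one request target (path + query)."""
    parts = urlsplit(target)
    params = {
        key: [decode_until_stable(v) for v in values]
        for key, values in parse_qs(parts.query, keep_blank_values=True).items()
    }
    reasons = []
    if parts.path.endswith("/wp-admin/admin-ajax.php") and VULN_ACTION in params.get("action", []):
        reasons.append("vulnerable_action")
    if any(TRAVERSAL_RE.search(v) for values in params.values() for v in values):
        reasons.append("path_traversal")
    return reasons


def scan_log(text):
    """Parse combined-format lines and return the requests that match an indicator.

    Note: access logs carry only the query string, so traversal sequences sent
    in a POST body are invisible here and need WAF or application logs.
    """
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = classify_request(m["target"])
        if reasons:
            hits.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "method": m["method"],
                "status": int(m["status"]),
                "reasons": reasons,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['method']} {hit['status']} -> {', '.join(hit['reasons'])}")
```

On the sample input the first line is flagged for both the vulnerable action and traversal, the double-encoded request on index.php for traversal only, and the last line for the action alone; a legitimate product-listing call to that action looks identical to the last case, so the action-only match is a triage signal, not a confirmed attack, while a match paired with traversal and a 200 response deserves immediate investigation.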