CVE-2024-10952
📋 TL;DR
The Authors List WordPress plugin allows unauthenticated attackers to execute arbitrary shortcodes via a vulnerable AJAX endpoint. This vulnerability affects all WordPress sites using the plugin version 2.0.4 or earlier. Attackers can leverage WordPress shortcodes to potentially execute malicious code or access sensitive data.
💻 Affected Systems
- WordPress Authors List plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete site compromise, data theft, or malware installation
Likely Case
Unauthorized content injection, privilege escalation, or sensitive information disclosure via shortcode execution
If Mitigated
Limited impact if shortcode functionality is restricted and proper input validation is enforced
🎯 Exploit Status
Exploitation requires knowledge of WordPress shortcodes but is straightforward once understood
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 2.0.5 or later
Vendor Advisory: https://wordpress.org/plugins/authors-list/#developers
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find 'Authors List' plugin
4. Click 'Update Now' if available
5. If no update appears, manually download version 2.0.5+ from WordPress.org
6. Deactivate old version, upload new version, activate
🔧 Temporary Workarounds
Disable vulnerable AJAX endpoint
allRemove or restrict access to the update_authors_list_ajax action
Add to theme's functions.php or custom plugin:
remove_action('wp_ajax_update_authors_list_ajax', 'authors_list_update_authors_list_ajax');
remove_action('wp_ajax_nopriv_update_authors_list_ajax', 'authors_list_update_authors_list_ajax');
Deactivate plugin
allTemporarily disable the Authors List plugin until patched
wp plugin deactivate authors-list
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block requests to /wp-admin/admin-ajax.php with suspicious shortcode parameters
- Restrict access to admin-ajax.php from untrusted networks using .htaccess or web server configuration
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Authors List → Version number. If version is 2.0.4 or lower, you are vulnerable.Check Version:
wp plugin list --name=authors-list --field=versionVerify Fix Applied:
After updating, verify plugin version shows 2.0.5 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Multiple POST requests to /wp-admin/admin-ajax.php with action=update_authors_list_ajax
- Unusual shortcode execution in WordPress debug logs
- Failed authentication attempts followed by AJAX requests
Network Indicators:
- POST requests to admin-ajax.php with shortcode parameters
- Unusual outbound connections from WordPress server after AJAX requests
SIEM Query:
source="wordpress.log" AND ("update_authors_list_ajax" OR "do_shortcode" WITH suspicious_parameters)🔗 References
- https://plugins.trac.wordpress.org/browser/authors-list/tags/2.0.4/backend/includes/class-authors-list-item.php#L843
- https://wordpress.org/plugins/authors-list/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/8b3cfe0a-dcfb-40f3-ba43-4e838c113010?source=cve
- https://www.wpkube.com/
