CVE-2024-10959
📋 TL;DR
This vulnerability allows unauthenticated attackers to execute arbitrary WordPress shortcodes via the woot_get_smth AJAX action in the Active Products Tables for WooCommerce plugin. Attackers can potentially inject malicious code or access restricted functionality. All WordPress sites using this plugin up to version 1.0.6.5 are affected.
💻 Affected Systems
- Active Products Tables for WooCommerce WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete site compromise, data theft, or malware injection
Likely Case
Unauthorized content injection, privilege escalation, or data exposure through shortcode execution
If Mitigated
Limited impact if shortcode execution is restricted by WordPress security controls
🎯 Exploit Status
Simple HTTP request to AJAX endpoint with malicious shortcode payload
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.6.6 or later
Vendor Advisory: https://wordpress.org/plugins/profit-products-tables-for-woocommerce/#developers
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins > Installed Plugins
3. Find 'Active Products Tables for WooCommerce'
4. Click 'Update Now' if available
5. If no update appears, manually download version 1.0.6.6+ from WordPress.org
6. Deactivate and delete old version, then upload and activate new version
🔧 Temporary Workarounds
Disable vulnerable AJAX endpoint
allAdd code to functions.php to remove the vulnerable AJAX action
add_action('init', function() {
remove_action('wp_ajax_nopriv_woot_get_smth', 'woot_get_smth');
remove_action('wp_ajax_woot_get_smth', 'woot_get_smth');
});
Deactivate plugin
linuxTemporarily disable the plugin until patched
wp plugin deactivate profit-products-tables-for-woocommerce
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block requests to /wp-admin/admin-ajax.php with woot_get_smth action
- Restrict access to admin-ajax.php from untrusted networks using .htaccess or nginx rules
🔍 How to Verify
Check if Vulnerable:
Check plugin version in WordPress admin panel under Plugins > Installed PluginsCheck Version:
wp plugin list --name='profit-products-tables-for-woocommerce' --field=versionVerify Fix Applied:
Verify plugin version is 1.0.6.6 or higher and test AJAX endpoint with malicious payload📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=woot_get_smth
- Unusual shortcode execution in WordPress debug logs
Network Indicators:
- HTTP POST to admin-ajax.php with woot_get_smth parameter from unexpected sources
SIEM Query:
http.method:POST AND http.uri:"/wp-admin/admin-ajax.php" AND http.params.action:"woot_get_smth"🔗 References
- https://plugins.trac.wordpress.org/browser/profit-products-tables-for-woocommerce/trunk/index.php#L1666
- https://plugins.trac.wordpress.org/changeset/3199368/
- https://wordpress.org/plugins/profit-products-tables-for-woocommerce/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ecf803cf-1b9c-4d2e-863f-d1f51b08f833?source=cve
