CVE-2024-11154
📋 TL;DR
This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to view revision history of posts and pages, potentially exposing sensitive draft content, editorial comments, or unpublished changes. All WordPress sites using the PublishPress Revisions plugin are affected.
💻 Affected Systems
- PublishPress Revisions WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could extract sensitive unpublished content, confidential editorial comments, or draft posts containing proprietary information, leading to data leaks or competitive intelligence gathering.
Likely Case
Low-privilege users viewing revision history they shouldn't have access to, potentially seeing draft content or editorial comments.
If Mitigated
Minimal impact if proper access controls and monitoring are in place to detect unauthorized access attempts.
🎯 Exploit Status
Exploitation requires authenticated access but only Subscriber-level permissions, which are commonly granted to many users.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.5.16
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3192492/
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find 'PublishPress Revisions'
4. Click 'Update Now' if available
5. Or download version 3.5.16+ from WordPress.org and manually update
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily disable the PublishPress Revisions plugin until patched
wp plugin deactivate publishpress-revisions
Restrict user roles
allLimit Subscriber and Contributor role assignments to trusted users only
🧯 If You Can't Patch
- Implement strict access controls and monitor user activity for unauthorized revision viewing
- Use web application firewall rules to block suspicious AJAX requests to the vulnerable endpoint
🔍 How to Verify
Check if Vulnerable:
Check plugin version in WordPress admin under Plugins → Installed Plugins. If version is 3.5.15 or lower, you are vulnerable.Check Version:
wp plugin get publishpress-revisions --field=versionVerify Fix Applied:
Verify plugin version is 3.5.16 or higher and test that Subscriber users cannot access revision diffs via AJAX requests.📡 Detection & Monitoring
Log Indicators:
- Multiple AJAX requests to admin-ajax.php with 'action=revisionary_ajax_revision_diffs' from low-privilege users
- Unusual pattern of post revision access from Subscriber accounts
Network Indicators:
- POST requests to /wp-admin/admin-ajax.php with action parameter containing 'revisionary_ajax_revision_diffs'
SIEM Query:
source="wordpress" action="admin-ajax" user_role="subscriber" post_data="*revisionary_ajax_revision_diffs*"🔗 References
- https://github.com/publishpress/PublishPress-Revisions/blob/master/admin/history_rvy.php#L322
- https://plugins.trac.wordpress.org/browser/revisionary/trunk/admin/history_rvy.php#L322
- https://plugins.trac.wordpress.org/changeset/3192492/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/c785b7a0-5091-4d89-87d3-cd7d9984553e?source=cve
