CVE-2024-11951
📋 TL;DR
The Homey Login Register WordPress plugin allows unauthenticated attackers to create accounts with administrator privileges in versions up to 2.4.0. This vulnerability enables complete site takeover through privilege escalation. All WordPress sites using this plugin are affected.
💻 Affected Systems
- Homey Login Register WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of WordPress site with attacker gaining full administrative control, allowing content modification, plugin/theme installation, user management, and potential server access.
Likely Case
Attackers create administrator accounts to deface websites, install backdoors, steal data, or use the site for malicious activities like phishing or malware distribution.
If Mitigated
With proper monitoring and access controls, unauthorized admin accounts could be detected and removed before significant damage occurs.
🎯 Exploit Status
Exploitation requires only HTTP requests to the registration endpoint with modified parameters.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.4.1 or later
Vendor Advisory: https://themeforest.net/item/homey-booking-wordpress-theme/23338013
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins. 3. Find Homey Login Register plugin. 4. Click 'Update Now' if available. 5. If no update appears, manually download version 2.4.1+ and replace plugin files.
🔧 Temporary Workarounds
Disable User Registration
allTemporarily disable new user registration in WordPress settings
Deactivate Plugin
allImmediately deactivate the Homey Login Register plugin
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block registration requests with role parameters
- Enable detailed logging of user registration events and monitor for suspicious admin account creation
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Homey Login Register > Version. If version is 2.4.0 or lower, you are vulnerable.Check Version:
wp plugin list --name='Homey Login Register' --field=versionVerify Fix Applied:
After updating, verify plugin version shows 2.4.1 or higher. Test registration functionality to ensure role cannot be modified.📡 Detection & Monitoring
Log Indicators:
- Multiple user registration attempts, especially with 'administrator' or custom role parameters in POST data
- New administrator accounts created from unusual IP addresses
Network Indicators:
- HTTP POST requests to /wp-login.php?action=register containing role parameters
- Unusual registration traffic patterns
SIEM Query:
source="wordpress.log" AND "action=register" AND ("role=administrator" OR "user_role=administrator")