CVE-2024-11952
📋 TL;DR
This vulnerability allows authenticated WordPress users with Contributor-level access or higher to include and execute arbitrary PHP files on Windows servers. Attackers can achieve remote code execution, bypass access controls, or steal sensitive data by exploiting the 'style' parameter in the Classic Addons plugin. Only WordPress sites using vulnerable versions of this plugin on Windows servers are affected.
💻 Affected Systems
- Classic Addons – WPBakery Page Builder plugin for WordPress
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise leading to data theft, malware deployment, or complete site takeover through arbitrary PHP code execution.
Likely Case
Unauthorized file access, privilege escalation, or limited code execution within the web server context.
If Mitigated
No impact if plugin is patched or not installed on Windows servers.
🎯 Exploit Status
Exploitation requires authenticated access and specific permissions. Limited to Windows PHP environments.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.1
Vendor Advisory: https://plugins.trac.wordpress.org/browser/classic-addons-wpbakery-page-builder-addons/tags/3.1/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'Classic Addons – WPBakery Page Builder'. 4. Click 'Update Now' if available, or download version 3.1+ from WordPress repository. 5. Activate updated plugin.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily deactivate the Classic Addons plugin until patched
Restrict user permissions
allRemove Contributor-level access and review Administrator-granted permissions
🧯 If You Can't Patch
- Migrate to Linux server environment
- Implement strict file upload restrictions and disable PHP execution in upload directories
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Classic Addons version. If version is 3.0 or lower, you are vulnerable on Windows servers.Check Version:
wp plugin list --name='classic-addons-wpbakery-page-builder-addons' --field=versionVerify Fix Applied:
Confirm plugin version is 3.1 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual file inclusion attempts in web server logs
- POST requests to testimonial-slider-item.php with 'style' parameter
Network Indicators:
- HTTP requests containing '../' or directory traversal patterns in 'style' parameter
SIEM Query:
source="web_server_logs" AND uri="*testimonial-slider-item.php*" AND (param="*style=*" OR param="*../*")