CVE-2024-1205

8.8 HIGH

📋 TL;DR

This vulnerability allows authenticated WordPress users with subscriber-level access or higher to upload arbitrary files to the server due to missing file type validation in the WooCommerce Management App plugin. This can lead to remote code execution by uploading malicious files like PHP shells. All WordPress sites using the vulnerable plugin are affected.

💻 Affected Systems

Products:
  • Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring WordPress plugin
Versions: All versions up to and including 1.2.0
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress with the plugin installed and at least one user with subscriber role or higher.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full server compromise via remote code execution, allowing attackers to steal data, install malware, or pivot to other systems.

🟠

Likely Case

Attackers upload web shells to gain persistent access, deface websites, or deploy cryptocurrency miners.

🟢

If Mitigated

File uploads blocked or contained, limiting impact to denial of service or temporary file storage issues.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once credentials are obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2.1 or later

Vendor Advisory: https://plugins.trac.wordpress.org/browser/wemanage-app-worker/trunk/readme.txt

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Management App for WooCommerce' and click 'Update Now'.
4. Verify the version is 1.2.1 or higher.

🔧 Temporary Workarounds

Disable plugin (platform: all)

Temporarily deactivate the vulnerable plugin until patched:

  wp plugin deactivate wemanage-app-worker

Restrict file uploads via .htaccess (platform: linux, Apache)

Block execution of uploaded files in the uploads directory. Add the following to .htaccess in wp-content/uploads (Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied" inside the same block):

  <Files *.php>
  deny from all
  </Files>

This only applies to Apache; sites served by nginx need an equivalent location rule. A match on *.php alone also does not cover double-extension names such as .php.jpg that the detection section below lists, so a FilesMatch pattern that matches the PHP extension anywhere in the name is stricter.

🧯 If You Can't Patch

  • Remove subscriber and higher role access from untrusted users.
  • Implement web application firewall rules to block suspicious file uploads.

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin under Plugins > Installed Plugins. If version is 1.2.0 or lower, it's vulnerable.

Check Version:

wp plugin get wemanage-app-worker --field=version

Verify Fix Applied:

Confirm plugin version is 1.2.1 or higher after update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /wp-content/uploads/ via POST requests to admin-ajax.php or REST API endpoints
  • Files with double extensions like .php.jpg

Network Indicators:

  • HTTP POST requests with file uploads to plugin-specific endpoints from unexpected IPs

SIEM Query:

source="web_logs" AND (uri_path="/wp-admin/admin-ajax.php" OR uri_path CONTAINS "/wp-json/") AND method="POST" AND (user_agent CONTAINS "curl" OR user_agent CONTAINS "wget")
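The log indicators and SIEM query above, turned into a small log-scanning script so they can be run over raw access logs. This is an added example, not part of the advisory or the plugin; the log lines are constructed, and the two upload action/route names in them are placeholders rather than real plugin endpoints.

```python
import re

# Constructed sample access-log lines in Apache "combined" format. The hosts,
# timestamps and the "upload" action/route names are placeholders, not real
# endpoints of the plugin.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2024:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=upload HTTP/1.1" 200 512 "-" "curl/8.4.0"
198.51.100.3 - - [10/Feb/2024:10:01:05 +0000] "GET /wp-content/uploads/2024/02/image.jpg HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2024:10:01:09 +0000] "POST /wp-json/example/v1/upload HTTP/1.1" 201 64 "-" "python-requests/2.31"
198.51.100.9 - - [10/Feb/2024:10:02:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 80 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
SCRIPTED_AGENTS = ("curl", "wget", "python-requests")  # the agents the SIEM query names, plus one
EXEC_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar"}

def parse_line(line):
    """Split one combined-format log line into fields; None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_wp_upload_endpoint(path):
    """True for admin-ajax.php or any REST route, the paths named in the log indicators."""
    uri = path.split("?", 1)[0]
    return uri == "/wp-admin/admin-ajax.php" or "/wp-json/" in uri

def matches_siem_query(entry):
    """Python form of the SIEM query: scripted user agent POSTing to those endpoints."""
    ua = entry["ua"].lower()
    return (entry["method"] == "POST" and is_wp_upload_endpoint(entry["path"])
            and any(agent in ua for agent in SCRIPTED_AGENTS))

def find_suspicious_requests(log_text):
    """Return the parsed entries that match the SIEM query, in log order."""
    entries = (parse_line(l) for l in log_text.splitlines() if l.strip())
    return [e for e in entries if e and matches_siem_query(e)]

def has_double_extension(filename):
    """Flag names such as shell.php.jpg where a PHP extension sits before the final one."""
    parts = filename.lower().split(".")
    return len(parts) > 2 and any(p in EXEC_EXTENSIONS for p in parts[1:-1])

if __name__ == "__main__":
    for hit in find_suspicious_requests(SAMPLE_LOG):
        print(hit["ip"], hit["ts"], hit["method"], hit["path"], hit["ua"])
```

Run has_double_extension over a listing of wp-content/uploads to cover the second log indicator; a hit from either check is a reason to inspect the file and the uploading account, not proof of compromise on its own.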
