CVE-2024-12066
📋 TL;DR
The SMSA Shipping plugin for WordPress has an arbitrary file deletion vulnerability that allows authenticated attackers with Subscriber-level access or higher to delete any file on the server. This can lead to remote code execution by deleting critical files like wp-config.php. All WordPress sites using this plugin up to version 2.2 are affected.
💻 Affected Systems
- WordPress SMSA Shipping (official) plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site compromise via remote code execution leading to data theft, defacement, or ransomware deployment
Likely Case
Site disruption through deletion of critical files, potentially causing downtime and data loss
If Mitigated
Limited impact if proper access controls and file permissions are in place
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once credentials are obtained
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.3 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/smsa-shipping-official/trunk/smsa-express-shipping.php
Restart Required: No
Instructions:
1. Update SMSA Shipping plugin to version 2.3 or later via WordPress admin panel. 2. Verify update completes successfully. 3. Test plugin functionality.
🔧 Temporary Workarounds
Disable plugin
allTemporarily disable the vulnerable plugin until patched
wp plugin deactivate smsa-shipping-official
Restrict user roles
allRemove Subscriber role from all users or restrict plugin access
🧯 If You Can't Patch
- Implement strict file permissions (chmod 644 for files, 755 for directories)
- Deploy web application firewall with file deletion protection rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel for SMSA Shipping plugin version 2.2 or earlierCheck Version:
wp plugin get smsa-shipping-official --field=versionVerify Fix Applied:
Confirm plugin version is 2.3 or later in WordPress admin📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=smsa_delete_label
- File deletion events in system logs for WordPress directories
Network Indicators:
- HTTP requests with file path parameters in admin-ajax.php endpoints
SIEM Query:
source="wordpress.log" AND "smsa_delete_label" AND ("../" OR "/etc/" OR "wp-config")