CVE-2024-12071
📋 TL;DR
This vulnerability in the Evergreen Content Poster WordPress plugin allows unauthenticated attackers to delete arbitrary posts and pages due to missing capability checks. All WordPress sites using this plugin up to version 1.4.4 are affected. The flaw enables unauthorized data destruction without requiring any authentication.
💻 Affected Systems
- Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media WordPress plugin
📦 What is this software?
Evergreen Content Poster by Evergreencontentposter
⚠️ Risk & Real-World Impact
Worst Case
Complete website defacement through mass deletion of all posts and pages, causing permanent data loss and significant business disruption.
Likely Case
Selective deletion of important content, leading to website downtime, SEO damage, and content recovery costs.
If Mitigated
Minimal impact if the plugin is disabled or patched before exploitation; any attempts may still be visible in audit trails.
🎯 Exploit Status
Exploitation is trivial - attackers can send crafted requests to the plugin's vulnerable endpoint without any authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 1.4.5 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Evergreen Content Poster' and click 'Update Now'.
4. Verify that the plugin version is 1.4.5 or higher.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the Evergreen Content Poster plugin until it is patched.
wp plugin deactivate evergreen-content-poster
Web application firewall rule
Block requests to the vulnerable delete_network_post() endpoint.
Add a WAF rule that blocks POST requests to admin-ajax.php whose 'action' parameter is 'delete_network_post'.
🧯 If You Can't Patch
- Disable the Evergreen Content Poster plugin immediately
- Implement strict network access controls to limit access to WordPress admin functions
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Evergreen Content Poster → Version. If the version is 1.4.4 or lower, the site is vulnerable.
Check Version:
wp plugin get evergreen-content-poster --field=version
Verify Fix Applied:
After updating, verify plugin version shows 1.4.5 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- HTTP POST requests to /wp-admin/admin-ajax.php with 'action=delete_network_post' parameter
- Unexpected post/page deletions in WordPress logs
- 404 errors for previously existing content
Network Indicators:
- Unusual POST requests to WordPress admin-ajax.php from unauthenticated sources
- Bursts of post/page deletion requests within a short timeframe
SIEM Query:
source="wordpress.log" AND "delete_network_post" AND user="unauthenticated"
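The log and network indicators above can be turned into a small scanner. The following is an added example, not code from the advisory, the plugin, or Wordfence: it parses web-server access-log lines, keeps POST requests to admin-ajax.php whose action parameter is delete_network_post, and flags any client IP that sends a burst of them within a short window. It assumes Apache/Nginx combined log format, that the action is visible in the request line (if the plugin's clients send it only in the POST body, a WAF or request-body log is needed instead), and that "burst" means BURST_THRESHOLD or more hits from one IP inside BURST_WINDOW; the sample log lines are constructed for the example.

```python
"""Scan access-log lines for CVE-2024-12071 indicators (added example).

Assumptions (not from the advisory): combined log format, the AJAX
'action' parameter appears in the request line, and a burst is
BURST_THRESHOLD or more hits from one IP within BURST_WINDOW.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Combined log format: client, identd, user, [timestamp], "request", status
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"
BURST_WINDOW = timedelta(seconds=60)   # assumed window
BURST_THRESHOLD = 5                    # assumed hit count

# Constructed sample log: normal traffic plus a burst of delete_network_post
# calls from one client and a single call from another.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Dec/2024:14:01:58 +0000] "GET /blog/ HTTP/1.1" 200 8123 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Dec/2024:14:01:59 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 47 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [10/Dec/2024:14:02:01 +0000] "POST /wp-admin/admin-ajax.php?action=delete_network_post HTTP/1.1" 200 52 "-" "curl/8.0"',
    '203.0.113.10 - - [10/Dec/2024:14:02:03 +0000] "POST /wp-admin/admin-ajax.php?action=delete_network_post HTTP/1.1" 200 52 "-" "curl/8.0"',
    '203.0.113.10 - - [10/Dec/2024:14:02:05 +0000] "POST /wp-admin/admin-ajax.php?action=delete_network_post HTTP/1.1" 200 52 "-" "curl/8.0"',
    '203.0.113.10 - - [10/Dec/2024:14:02:08 +0000] "POST /wp-admin/admin-ajax.php?action=delete_network_post HTTP/1.1" 200 52 "-" "curl/8.0"',
    '203.0.113.10 - - [10/Dec/2024:14:02:12 +0000] "POST /wp-admin/admin-ajax.php?action=delete_network_post HTTP/1.1" 200 52 "-" "curl/8.0"',
    '203.0.113.10 - - [10/Dec/2024:14:02:19 +0000] "POST /wp-admin/admin-ajax.php?action=delete_network_post HTTP/1.1" 200 52 "-" "curl/8.0"',
    '192.0.2.44 - - [10/Dec/2024:14:30:00 +0000] "POST /wp-admin/admin-ajax.php?action=delete_network_post HTTP/1.1" 200 52 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Dec/2024:14:31:10 +0000] "GET /old-post/ HTTP/1.1" 404 1021 "-" "Mozilla/5.0"',
]


def parse_line(line):
    """Return a dict for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TIME_FMT),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def is_delete_network_post(entry):
    """True for a POST to admin-ajax.php whose action is delete_network_post."""
    if entry["method"] != "POST":
        return False
    parts = urlsplit(entry["path"])
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return False
    return "delete_network_post" in parse_qs(parts.query).get("action", [])


def find_hits(lines):
    """All parsed entries that match the log indicator."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and is_delete_network_post(entry):
            hits.append(entry)
    return hits


def find_bursts(hits):
    """Map client IP -> largest number of hits seen inside BURST_WINDOW,
    for clients that reach BURST_THRESHOLD (sliding window over sorted times)."""
    by_ip = defaultdict(list)
    for h in hits:
        by_ip[h["ip"]].append(h["ts"])
    bursts = {}
    for ip, times in by_ip.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > BURST_WINDOW:
                start += 1
            best = max(best, end - start + 1)
        if best >= BURST_THRESHOLD:
            bursts[ip] = best
    return bursts


if __name__ == "__main__":
    hits = find_hits(SAMPLE_LOG)
    print(f"{len(hits)} delete_network_post request(s)")
    for ip, count in find_bursts(hits).items():
        print(f"burst: {ip} sent {count} in {BURST_WINDOW.seconds}s")
```

Feed real log files through `find_hits` line by line; the burst detector is the practical filter, since a single delete_network_post call may be a legitimate administrator action while a run of them from one address matches the mass-deletion scenario described under Worst Case.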
🔗 References
- https://plugins.trac.wordpress.org/browser/evergreen-content-poster/trunk/admin/class-evergreen_content_poster-admin.php#L333
- https://plugins.trac.wordpress.org/browser/evergreen-content-poster/trunk/includes/class-evergreen_content_poster.php#L345
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3224190%40evergreen-content-poster&new=3224190%40evergreen-content-poster&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/aa07f48f-370f-4985-a6fc-a94ed5c59ed4?source=cve