CVE-2024-12259

8.8 HIGH

📋 TL;DR

The CRM WordPress Plugin – RepairBuddy plugin for WordPress has a privilege escalation vulnerability that allows authenticated attackers with subscriber-level access or higher to change any user's email address, including administrators. This can lead to account takeover by using the email change to trigger password resets. All WordPress sites using vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:
  • CRM WordPress Plugin – RepairBuddy
Versions: All versions up to and including 3.8120
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the vulnerable plugin enabled. Any authenticated user (subscriber role or higher) can exploit this vulnerability.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete site compromise where attackers gain administrative access, potentially leading to data theft, malware injection, defacement, or complete control of the WordPress installation.

🟠 Likely Case

Attackers gain administrative privileges on vulnerable WordPress sites, enabling them to modify content, install malicious plugins, or access sensitive user data.

🟢 If Mitigated

Limited impact with proper user access controls, monitoring, and network segmentation preventing lateral movement from compromised WordPress instances.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once an attacker has any valid user account. The vulnerability is well-documented and easy to weaponize.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 3.8120

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3208270%40computer-repair-shop&new=3208270%40computer-repair-shop&sfp_email=&sfph_mail=

Restart Required: No

Instructions:

  1. Log into the WordPress admin panel.
  2. Navigate to Plugins → Installed Plugins.
  3. Find 'CRM WordPress Plugin – RepairBuddy'.
  4. Click 'Update Now' if available.
  5. Alternatively, download the latest version from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Disable vulnerable AJAX endpoint

Platform: all

Remove or restrict access to the wc_update_user_data AJAX action that contains the vulnerability.

Add to the theme's functions.php or a custom plugin, replacing 'your_callback_function' with the name of the handler the plugin registers for this action (that name is not given on this page). Note that remove_action() only works when the callback name and priority match exactly what the plugin registered and when it runs after the plugin has added the hook (a theme's functions.php loads after plugins; from your own plugin, run it on the 'plugins_loaded' or 'init' hook); otherwise it returns false and changes nothing, so confirm the action is really gone after applying it:

remove_action('wp_ajax_wc_update_user_data', 'your_callback_function');

Temporarily deactivate plugin

Platform: linux

Completely disable the vulnerable plugin until it is patched (via WP-CLI):

wp plugin deactivate computer-repair-shop
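A more robust form of the first workaround, added here as an example and not code from the plugin vendor or this page: a must-use plugin that hooks the wc_update_user_data AJAX action at priority 0, ahead of the plugin's own handler, and rejects requests from users who lack a chosen capability. It does not need the plugin's callback name, which remove_action() would require. The capability 'edit_users' and the file name are assumptions; pick the capability that matches the roles that legitimately use this action in your shop.

```php
<?php
/**
 * Plugin Name: RepairBuddy wc_update_user_data guard (added example, not vendor code)
 * Description: Stop-gap for CVE-2024-12259 until the plugin is updated past 3.8120.
 *
 * Install: save as wp-content/mu-plugins/repairbuddy-guard.php. Must-use plugins
 * load before regular plugins, so this hook is registered before the plugin's.
 */

defined( 'ABSPATH' ) || exit;

/**
 * Capability a caller must hold to reach the plugin's handler.
 * Assumption: only users allowed to edit other users need this action.
 */
const RB_GUARD_REQUIRED_CAP = 'edit_users';

/**
 * Runs at priority 0 on the AJAX hook, i.e. before the vulnerable handler
 * (plugins normally register at the default priority 10). If the caller lacks
 * the capability the request ends here: wp_send_json_error() calls wp_die(),
 * so the plugin's handler never executes for that request.
 */
function rb_guard_wc_update_user_data() {
    if ( current_user_can( RB_GUARD_REQUIRED_CAP ) ) {
        return; // Authorised caller: let the plugin's own handler run.
    }

    $user_id = get_current_user_id();
    $ip      = isset( $_SERVER['REMOTE_ADDR'] )
        ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) )
        : 'unknown';

    // Leave a record for log review / SIEM (see Detection & Monitoring).
    error_log( sprintf(
        'CVE-2024-12259 guard: blocked wc_update_user_data from user_id=%d ip=%s',
        $user_id,
        $ip
    ) );

    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}
add_action( 'wp_ajax_wc_update_user_data', 'rb_guard_wc_update_user_data', 0 );
```

After installing it, confirm from a subscriber-level test account in a staging copy that the action now returns a 403 JSON error, and from a staff account that the plugin's normal workflow still functions; if staff are blocked, the capability constant is the only thing to adjust.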

🧯 If You Can't Patch

  • Immediately disable the RepairBuddy plugin entirely
  • Implement strict user access controls and monitor for suspicious email change activities

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for 'CRM WordPress Plugin – RepairBuddy' version 3.8120 or lower

Check Version:

wp plugin get computer-repair-shop --field=version

Verify Fix Applied:

Verify plugin version is higher than 3.8120 in WordPress admin panel

📡 Detection & Monitoring

Log Indicators:

  • Unusual email change requests in WordPress logs
  • Multiple password reset attempts for administrative accounts
  • AJAX requests to wc_update_user_data endpoint from non-admin users

Network Indicators:

  • POST requests to /wp-admin/admin-ajax.php with action=wc_update_user_data from non-privileged users

SIEM Query:

source="wordpress.log" AND "wc_update_user_data" AND user_role!="administrator"
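WordPress does not log e-mail changes by itself, so the "unusual email change" indicator above is only searchable if something writes that record. The following must-use plugin, added here as an example and not code from the plugin vendor or this page, emits one JSON line per user e-mail change with the acting user, the target, whether either is an administrator, and whether the change arrived through admin-ajax.php. The file name and the 'EMAIL_CHANGE' prefix are assumptions; it also assumes the change goes through wp_update_user()/wp_insert_user(), which fire 'profile_update' (direct database writes bypass this hook).

```php
<?php
/**
 * Plugin Name: User e-mail change monitor (added example, not vendor code)
 * Description: Structured log line per user e-mail change, for SIEM ingestion.
 *
 * Install: save as wp-content/mu-plugins/email-change-monitor.php.
 * With WP_DEBUG_LOG enabled the lines land in wp-content/debug.log; otherwise
 * in whatever error log PHP is configured to use.
 */

defined( 'ABSPATH' ) || exit;

/**
 * Build the log record for an e-mail change. Kept separate from the hook so the
 * fields are easy to review and extend.
 *
 * @param int    $target_id User whose e-mail changed.
 * @param string $old_email E-mail before the update.
 * @param string $new_email E-mail after the update.
 * @return array<string,mixed>
 */
function ecm_build_record( $target_id, $old_email, $new_email ) {
    $actor_id = get_current_user_id(); // 0 when no user is logged in (cron, CLI)
    return array(
        'event'        => 'user_email_changed',
        'target_id'    => (int) $target_id,
        'target_admin' => user_can( $target_id, 'manage_options' ),
        'actor_id'     => $actor_id,
        'actor_admin'  => $actor_id ? user_can( $actor_id, 'manage_options' ) : false,
        'self_change'  => $actor_id === (int) $target_id,
        'via_ajax'     => wp_doing_ajax(),
        'ajax_action'  => isset( $_REQUEST['action'] )
            ? sanitize_key( wp_unslash( $_REQUEST['action'] ) )
            : '',
        'ip'           => isset( $_SERVER['REMOTE_ADDR'] )
            ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) )
            : '',
        'old_email'    => $old_email,
        'new_email'    => $new_email,
    );
}

/**
 * 'profile_update' fires after wp_update_user() has saved; $old_user_data is the
 * WP_User object as it was before the save, so the two e-mails can be compared.
 */
function ecm_on_profile_update( $user_id, $old_user_data ) {
    $new_user = get_userdata( $user_id );
    if ( ! $new_user || ! ( $old_user_data instanceof WP_User ) ) {
        return;
    }
    if ( $old_user_data->user_email === $new_user->user_email ) {
        return; // Some other profile field changed; not of interest here.
    }

    $record = ecm_build_record( $user_id, $old_user_data->user_email, $new_user->user_email );

    // One JSON line per event; the fixed prefix makes it easy to filter.
    error_log( 'EMAIL_CHANGE ' . wp_json_encode( $record ) );
}
add_action( 'profile_update', 'ecm_on_profile_update', 10, 2 );
```

A useful alert on these records, alongside the SIEM query above: target_admin true while actor_admin is false, or self_change false with via_ajax true and ajax_action equal to wc_update_user_data. Either pattern is exactly the behaviour this CVE enables and should not occur in normal operation.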
