CVE-2024-12333
📋 TL;DR
The Woodmart WordPress theme allows unauthenticated attackers to execute arbitrary shortcodes via a vulnerable AJAX endpoint. This vulnerability affects all WordPress sites using Woodmart theme versions up to 8.0.3. Attackers can leverage WordPress shortcodes to potentially execute malicious code or access sensitive functionality.
💻 Affected Systems
- Woodmart WordPress Theme
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete site compromise, data theft, malware injection, or site defacement
Likely Case
Unauthenticated attackers execute arbitrary shortcodes to access sensitive functionality, inject content, or perform privilege escalation
If Mitigated
Limited impact if shortcode functionality is restricted and proper input validation is in place
🎯 Exploit Status
Exploitation requires sending crafted requests to the vulnerable AJAX endpoint
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.0.4 or later
Vendor Advisory: https://themeforest.net/item/woodmart-woocommerce-wordpress-theme/20264492
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Appearance > Themes
3. Check for Woodmart theme updates
4. Update to version 8.0.4 or later
5. Clear any caching plugins
🔧 Temporary Workarounds
Disable vulnerable AJAX endpoint
allRemove or restrict access to the woodmart_instagram_ajax_query AJAX action
Add to theme's functions.php: remove_action('wp_ajax_woodmart_instagram_ajax_query', 'woodmart_instagram_ajax_query'); remove_action('wp_ajax_nopriv_woodmart_instagram_ajax_query', 'woodmart_instagram_ajax_query');
Restrict AJAX access
linuxAdd authentication requirement for AJAX requests
Add to .htaccess: <IfModule mod_rewrite.c>
RewriteCond %{REQUEST_URI} ^/wp-admin/admin-ajax\.php$
RewriteCond %{QUERY_STRING} action=woodmart_instagram_ajax_query
RewriteCond %{HTTP_COOKIE} !wordpress_logged_in
RewriteRule ^ - [F]
</IfModule>
🧯 If You Can't Patch
- Disable the Woodmart theme and switch to a secure alternative
- Implement web application firewall rules to block requests to the vulnerable AJAX endpoint
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Appearance > Themes for Woodmart theme version 8.0.3 or earlierCheck Version:
wp theme list --field=name,version --status=activeVerify Fix Applied:
Confirm Woodmart theme version is 8.0.4 or later in WordPress admin📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=woodmart_instagram_ajax_query
- Unusual shortcode execution in WordPress debug logs
Network Indicators:
- HTTP POST requests to admin-ajax.php with woodmart_instagram_ajax_query parameter
- Unusual AJAX requests from unauthenticated sources
SIEM Query:
source="web_access.log" AND uri="/wp-admin/admin-ajax.php" AND post_data="woodmart_instagram_ajax_query"