CVE-2024-12402
📋 TL;DR
This vulnerability allows unauthenticated attackers to change any WordPress user's password, including administrators, through the Themes Coder plugin. All WordPress sites using this plugin up to version 1.3.4 are affected, potentially leading to complete site takeover.
💻 Affected Systems
- Themes Coder – Create Android & iOS Apps For Your Woocommerce Site WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of WordPress site with administrative access, data theft, malware installation, and defacement.
Likely Case
Administrative account takeover leading to site compromise, plugin/theme manipulation, and data exfiltration.
If Mitigated
Limited impact if strong network controls prevent external access or if immediate detection occurs.
🎯 Exploit Status
Simple HTTP request manipulation can trigger the vulnerability without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.5 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/tc-ecommerce/trunk/controller/app_user.php
Restart Required: No
Instructions:
1. Update plugin to version 1.3.5 or later via WordPress admin panel. 2. Verify update completed successfully. 3. Test user password change functionality.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily deactivate the Themes Coder plugin until patched
wp plugin deactivate tc-ecommerce
Block plugin endpoints
allUse web application firewall to block requests to vulnerable endpoints
🧯 If You Can't Patch
- Remove plugin completely from production environment
- Implement strict network access controls to limit exposure
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel for plugin version 1.3.4 or earlierCheck Version:
wp plugin get tc-ecommerce --field=versionVerify Fix Applied:
Confirm plugin version is 1.3.5 or later in WordPress admin📡 Detection & Monitoring
Log Indicators:
- Unusual password reset requests
- Multiple failed login attempts followed by successful login from new IP
- POST requests to /wp-admin/admin-ajax.php with update_user_profile action
Network Indicators:
- HTTP POST requests to WordPress admin-ajax.php with user ID manipulation
- Unusual traffic patterns to plugin-specific endpoints
SIEM Query:
source="wordpress.log" AND ("update_user_profile" OR "admin-ajax.php") AND status=200