CVE-2024-12471
📋 TL;DR
This vulnerability allows authenticated WordPress users with subscriber-level access or higher to upload arbitrary files through the Post Saint plugin's AJAX function. Attackers can achieve remote code execution by uploading malicious files like PHP shells. All WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise leading to data theft, malware distribution, or ransomware deployment through remote code execution.
Likely Case
Unauthorized file uploads leading to backdoor installation, website defacement, or credential harvesting.
If Mitigated
Limited impact with proper file permissions and web application firewalls blocking malicious uploads.
🎯 Exploit Status
Requires authenticated access but subscriber role is typically easy to obtain through registration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.3.1
Vendor Advisory: https://wordpress.org/plugins/post-saint/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'Post Saint' plugin. 4. Click 'Update Now' if available. 5. If no update appears, deactivate and delete the plugin immediately.
🔧 Temporary Workarounds
Disable vulnerable AJAX endpoint
WordPressRemove or restrict access to the vulnerable add_image_to_library AJAX action
Add to theme's functions.php or custom plugin: remove_action('wp_ajax_add_image_to_library', 'vulnerable_function_name');
🧯 If You Can't Patch
- Deactivate and remove the Post Saint plugin immediately
- Implement strict file upload restrictions at web server level (e.g., block .php, .phtml, .phar uploads)
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin > Plugins > Installed Plugins for Post Saint plugin version 1.3.1 or earlierCheck Version:
wp plugin list --name=post-saint --field=versionVerify Fix Applied:
Verify plugin version is higher than 1.3.1 or plugin is completely removed📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to wp-content/uploads via AJAX requests
- POST requests to /wp-admin/admin-ajax.php with action=add_image_to_library
Network Indicators:
- HTTP POST requests with file uploads to admin-ajax.php endpoint
- Unexpected file types (.php, .phtml) in upload directories
SIEM Query:
source="web_logs" AND uri="/wp-admin/admin-ajax.php" AND method="POST" AND params.action="add_image_to_library"