CVE-2024-12535
📋 TL;DR
The Host PHP Info WordPress plugin allows unauthenticated attackers to access sensitive server configuration information via the phpinfo() function, because the file is served without any authorization check. This affects all WordPress sites that have the plugin installed (even if it is not activated) in versions up to 1.0.4. Attackers can view PHP configuration details, environment variables, and system information.
💻 Affected Systems
- Host PHP Info WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain sensitive server configuration details, database credentials, API keys, and environment variables, leading to full server compromise and data exfiltration.
Likely Case
Attackers gather reconnaissance information about the server environment, PHP configuration, and installed modules to plan further attacks.
If Mitigated
Limited information disclosure with no direct code execution, but still reveals system details that could aid attackers.
🎯 Exploit Status
Exploitation requires only a simple HTTP request to the vulnerable endpoint. No authentication or special tools are needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 1.0.5 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/host-php-info/trunk/info.php#L2
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Go to Plugins → Installed Plugins.
3. Find the 'Host PHP Info' plugin.
4. Click 'Update Now' if an update is available.
5. If no update is available, delete the plugin completely.
🔧 Temporary Workarounds
Delete vulnerable plugin (platform: all)
Completely remove the Host PHP Info plugin from the WordPress installation:
rm -rf /path/to/wordpress/wp-content/plugins/host-php-info/
Block access via .htaccess (platform: Apache)
Prevent access to the vulnerable info.php file. Put the rules in an .htaccess inside the plugin directory rather than the site root, since a root-level <Files "info.php"> match blocks every file of that name on the site, and make sure AllowOverride permits them:
<Files "info.php">
# Apache 2.2 syntax; on Apache 2.4 this only works if mod_access_compat is loaded
Order Allow,Deny
Deny from all
# Apache 2.4 equivalent (use instead of the two lines above):
# Require all denied
</Files>
🧯 If You Can't Patch
- Immediately delete the Host PHP Info plugin from the WordPress installation
- Implement web application firewall rules to block requests to /wp-content/plugins/host-php-info/info.php
🔍 How to Verify
Check if Vulnerable:
Check whether the file /wp-content/plugins/host-php-info/info.php exists. If it does and the plugin version is ≤ 1.0.4, the site is vulnerable.
Check Version:
grep -r "Version:" /path/to/wordpress/wp-content/plugins/host-php-info/*.php
Verify Fix Applied:
Verify plugin version is 1.0.5+ in WordPress admin or check that info.php file no longer exists or contains proper capability checks.
📡 Detection & Monitoring
Log Indicators:
- HTTP GET requests to /wp-content/plugins/host-php-info/info.php
- Unusual access to plugin files from unauthenticated users
Network Indicators:
- HTTP requests to the info.php endpoint that return a large response containing PHP configuration data
SIEM Query:
source="web_logs" AND uri_path="/wp-content/plugins/host-php-info/info.php" AND http_method="GET"
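As an added example (not part of this advisory), the following Python scanner applies the log indicators above to Apache/nginx combined-format access log lines. It normalises the request path before comparing it to the vulnerable file, so percent-encoded, mixed-case or double-slash variants of info.php are caught even though an exact-match rule like the SIEM query above would miss them. The sample log lines and the 20 KB response-size threshold are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Path of the affected plugin file, as given in the advisory.
VULN_PATH = "/wp-content/plugins/host-php-info/info.php"
# Heuristic (my assumption): a phpinfo() page is usually tens of KB, so a 200
# with a body above this size suggests the configuration dump was served.
PHPINFO_MIN_BYTES = 20000

# Combined log format (Apache/nginx default); group names are my own.
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) '
                    r'(?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)')

def normalize_path(target):
    """Drop the query string, percent-decode, collapse '//' and lowercase,
    so encoded or padded variants still compare equal to VULN_PATH."""
    path = unquote(urlsplit(target).path)
    return re.sub(r"/+", "/", path).lower()

def is_vuln_request(line):
    """Return (ip, status, bytes) for a GET of info.php, else None."""
    m = LOG_RE.match(line)
    if not m or m.group("method") != "GET":
        return None
    if normalize_path(m.group("target")) != VULN_PATH:
        return None
    size = 0 if m.group("size") == "-" else int(m.group("size"))
    return m.group("ip"), int(m.group("status")), size

def scan(lines):
    """Count info.php requests per source IP, and those that likely succeeded."""
    hits, served = Counter(), Counter()
    for line in lines:
        r = is_vuln_request(line)
        if r:
            ip, status, size = r
            hits[ip] += 1
            if status == 200 and size >= PHPINFO_MIN_BYTES:
                served[ip] += 1
    return hits, served

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2025:10:00:01 +0000] "GET /wp-content/plugins/host-php-info/info.php HTTP/1.1" 200 61234 "-" "curl/8.0"',
    '203.0.113.5 - - [10/Jan/2025:10:00:02 +0000] "GET /wp-content/plugins//host-php-info/Info.php?x=1 HTTP/1.1" 200 61234 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Jan/2025:10:00:03 +0000] "GET /wp-content/plugins/host-php-info/info%2Ephp HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2025:10:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 4000 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Jan/2025:10:00:05 +0000] "POST /wp-content/plugins/host-php-info/info.php HTTP/1.1" 405 0 "-" "-"',
]
```

Running scan(SAMPLE_LOG) attributes two requests to 203.0.113.5 (both with phpinfo-sized 200 responses) and one blocked 403 attempt to 198.51.100.7; a source that shows up in served is the one to investigate first.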