CVE-2024-12811
📋 TL;DR
The Traveler WordPress theme has a Local File Inclusion vulnerability in the 'hotel_alone_slider' shortcode that allows authenticated attackers with contributor-level permissions or higher to include and execute arbitrary PHP files on the server. This can lead to remote code execution, data theft, and access control bypass. WordPress sites using Traveler theme versions 3.1.8 and earlier are affected.
💻 Affected Systems
- Traveler WordPress Theme
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through arbitrary PHP code execution, leading to data exfiltration, website defacement, malware deployment, and lateral movement within the hosting environment.
Likely Case
Unauthorized file access leading to sensitive data exposure, privilege escalation, and backdoor installation for persistent access.
If Mitigated
Limited impact if proper file upload restrictions and server hardening are in place, though information disclosure may still occur.
🎯 Exploit Status
Exploitation requires authenticated access and ability to upload PHP files or access existing PHP files on the server.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 3.1.9 or later
Vendor Advisory: https://travelerwp.com/traveler-changelog/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Appearance > Themes. 3. Check if Traveler theme update is available. 4. Click 'Update Now' for Traveler theme. 5. Verify theme version is 3.1.9 or higher.
🔧 Temporary Workarounds
Remove vulnerable shortcode
allDisable or remove the 'hotel_alone_slider' shortcode from theme files
Restrict file uploads
allConfigure server to block PHP file uploads and disable PHP execution in upload directories
🧯 If You Can't Patch
- Remove contributor and author roles from untrusted users
- Implement web application firewall rules to block LFI patterns
🔍 How to Verify
Check if Vulnerable:
Check Traveler theme version in WordPress admin under Appearance > Themes. If version is 3.1.8 or lower, the site is vulnerable.Check Version:
wp theme list --field=name,version --format=csv | grep travelerVerify Fix Applied:
Confirm Traveler theme version is 3.1.9 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual file inclusion requests in web server logs containing 'hotel_alone_slider' shortcode parameters
- PHP error logs showing file inclusion errors
Network Indicators:
- HTTP requests with suspicious 'style' parameters in shortcode attributes
SIEM Query:
web_access_logs WHERE url_parameters CONTAINS 'hotel_alone_slider' AND (url_parameters CONTAINS '../' OR url_parameters CONTAINS 'php://' OR url_parameters CONTAINS '/etc/')