CVE-2024-12854
📋 TL;DR
The Garden Gnome Package WordPress plugin allows authenticated attackers with Author-level access or higher to upload arbitrary files due to missing file type validation when extracting 'ggpkg' files. This vulnerability can lead to remote code execution on affected WordPress sites. All WordPress sites using this plugin up to version 2.3.0 are vulnerable.
💻 Affected Systems
- WordPress Garden Gnome Package plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through remote code execution, allowing attackers to install backdoors, steal data, deface websites, or use the server for malicious activities.
Likely Case
Attackers upload web shells or malicious scripts to gain persistent access, modify site content, or pivot to other systems on the network.
If Mitigated
Limited to file uploads in the plugin's directory without execution capabilities if proper file permissions and security controls are in place.
🎯 Exploit Status
Exploitation requires authenticated access and knowledge of the vulnerable file upload functionality. No public exploit code is currently available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 2.3.1 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Garden Gnome Package' and click 'Update Now'.
4. Verify the plugin version is 2.3.1 or higher.
🔧 Temporary Workarounds
Disable plugin
Temporarily disable the Garden Gnome Package plugin until patched
wp plugin deactivate garden-gnome-package
Restrict user roles
Limit Author-level and higher accounts to trusted users only
🧯 If You Can't Patch
- Remove the plugin entirely if not needed
- Implement web application firewall rules to block file uploads to the plugin's endpoints
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins for Garden Gnome Package version. If version is 2.3.0 or lower, you are vulnerable.
Check Version:
wp plugin get garden-gnome-package --field=version
Verify Fix Applied:
After updating, confirm the plugin version shows 2.3.1 or higher in WordPress admin.
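The version check above can be scripted so it runs from cron or a fleet-management job. The script below is an added example, not part of this advisory or of the plugin's own tooling; it assumes WP-CLI (`wp`) is installed and that it is run from the WordPress root. It compares the installed version against 2.3.1 component by component, so a version such as 2.10.0 is correctly treated as newer than 2.3.1 (a plain string comparison would get that wrong).

```shell
#!/bin/sh
# Added example, not part of the advisory: compare the installed
# Garden Gnome Package version against the fixed release (2.3.1).
# Assumes WP-CLI ("wp") is installed and the script runs from the
# WordPress root; version strings are assumed to be numeric dotted
# components as the plugin publishes them.

FIXED_VERSION="2.3.1"

# Returns 0 when version $1 is strictly lower than version $2, comparing
# each dotted component numerically (so 2.10 is newer than 2.3.1).
version_lt() {
    a="$1"
    b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}
        bi=${b%%.*}
        # consume the compared component; a missing component counts as 0
        case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
        ai=${ai:-0}
        bi=${bi:-0}
        [ "$ai" -lt "$bi" ] && return 0
        [ "$ai" -gt "$bi" ] && return 1
    done
    return 1
}

# Prints "vulnerable" for any version below 2.3.1, otherwise "patched".
ggpkg_status() {
    if version_lt "$1" "$FIXED_VERSION"; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# Live check: read the installed version with WP-CLI (the same command the
# advisory gives) and report it together with its status.
check_installed() {
    if ! command -v wp >/dev/null 2>&1; then
        echo "WP-CLI not found; run this on a host where wp is available"
        return 0
    fi
    installed=$(wp plugin get garden-gnome-package --field=version 2>/dev/null) || {
        echo "garden-gnome-package is not installed"
        return 0
    }
    echo "garden-gnome-package $installed: $(ggpkg_status "$installed")"
}

check_installed
```

A non-zero exit from `wp plugin get` is treated as "not installed", which also covers the case where the plugin was removed as a workaround; a host with the plugin absent is reported rather than flagged.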
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to /wp-content/plugins/garden-gnome-package/
- Multiple failed login attempts followed by successful Author-level login
- POST requests to plugin-specific upload endpoints
Network Indicators:
- HTTP POST requests containing .ggpkg or unusual file extensions to plugin paths
- Outbound connections from WordPress server to unknown IPs after file uploads
SIEM Query:
source="wordpress.log" AND (uri_path="/wp-content/plugins/garden-gnome-package/*" AND method="POST")
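For sites without a SIEM, the same log indicators can be applied directly to web-server access logs. The script below is an added example, not part of this advisory; it assumes Apache/Nginx "combined" log format on standard input and flags every POST under the plugin path, marking separately those whose request path names a .ggpkg file. The sample log lines, including the endpoint name in them, are constructed for the example and are not taken from the plugin.

```shell
#!/bin/sh
# Added example, not part of the advisory: scan web-server access logs for the
# indicators listed above (POST requests under the plugin path, and requests
# naming a .ggpkg file). Assumes Apache/Nginx "combined" log format on stdin.
# The sample log lines and the endpoint names in them are constructed.

PLUGIN_PATH="/wp-content/plugins/garden-gnome-package/"

# Reads access-log lines on stdin and prints one line per hit:
#   GGPKG <client ip> <path>   for a POST whose path names a .ggpkg file
#   POST  <client ip> <path>   for any other POST under the plugin path
flag_plugin_posts() {
    awk -v base="$PLUGIN_PATH" '
        {
            # combined log fields: $1 client IP, $6 "METHOD, $7 path, $8 proto"
            method = substr($6, 2)      # drop the opening quote
            path = $7
            if (method != "POST" || index(path, base) != 1) next
            bare = path
            sub(/[?].*/, "", bare)      # ignore any query string
            tag = (bare ~ /\.ggpkg$/) ? "GGPKG" : "POST"
            print tag, $1, path
        }'
}

# Constructed sample: one login, one POST to a made-up plugin endpoint,
# one POST of a .ggpkg file, one ordinary GET for a plugin asset.
SAMPLE_LOG='10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [01/Jan/2025:10:00:03 +0000] "POST /wp-content/plugins/garden-gnome-package/example-endpoint.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"
10.0.0.7 - - [01/Jan/2025:10:01:10 +0000] "POST /wp-content/plugins/garden-gnome-package/pkg/tour.ggpkg?v=1 HTTP/1.1" 200 88 "-" "curl/8.0"
10.0.0.9 - - [01/Jan/2025:10:02:00 +0000] "GET /wp-content/plugins/garden-gnome-package/js/app.js HTTP/1.1" 200 9000 "-" "Mozilla/5.0"'

# Number of flagged requests in the sample (both POSTs).
count_flagged() {
    printf '%s\n' "$SAMPLE_LOG" | flag_plugin_posts | grep -c .
}

# Number of flagged requests that carried a .ggpkg file.
count_ggpkg() {
    printf '%s\n' "$SAMPLE_LOG" | flag_plugin_posts | grep -c '^GGPKG '
}

# Run over the sample; on a real host: flag_plugin_posts < /var/log/nginx/access.log
printf '%s\n' "$SAMPLE_LOG" | flag_plugin_posts
```

Ordinary GET requests for plugin assets (JavaScript, CSS) are not reported, which keeps the output to the requests the advisory's indicators describe; the query string is stripped before the extension test so that a cache-busting parameter does not hide a .ggpkg upload.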