CVE-2024-12881
📋 TL;DR
This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to upload arbitrary files to the server due to missing capability checks in the PlugVersions plugin. Attackers can create malicious files that could lead to remote code execution or system compromise. All WordPress sites using PlugVersions version 0.0.7 or earlier are affected.
💻 Affected Systems
- WordPress PlugVersions plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise leading to data theft, ransomware deployment, or website defacement through remote code execution.
Likely Case
Attackers upload web shells to gain persistent access, escalate privileges, and install malware or backdoors on the WordPress site.
If Mitigated
Limited to file creation in web-accessible directories without execution capabilities if proper file permissions and security controls are in place.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker obtains valid credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 0.0.7
Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3211805%40plugversions&new=3211805%40plugversions&sfp_email=&sfph_mail=
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find PlugVersions plugin. 4. Click 'Update Now' if available. 5. Alternatively, delete and reinstall latest version from WordPress repository.
🔧 Temporary Workarounds
Disable PlugVersions plugin
allTemporarily deactivate the vulnerable plugin until patching is possible
wp plugin deactivate plugversions
Remove Subscriber upload capability
allUse WordPress role management to restrict file upload capabilities
wp role reset subscriber
🧯 If You Can't Patch
- Implement strict file upload validation and monitoring for unexpected file creations
- Apply principle of least privilege by reviewing and reducing user roles with upload capabilities
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins for PlugVersions version 0.0.7 or earlierCheck Version:
wp plugin get plugversions --field=versionVerify Fix Applied:
Confirm PlugVersions version is higher than 0.0.7 in WordPress plugins list📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads in WordPress uploads directory
- POST requests to /wp-admin/admin-ajax.php with action=eos_plugin_reviews_restore_version
- Unexpected PHP file creations by Subscriber-level users
Network Indicators:
- HTTP requests with file upload parameters to WordPress admin endpoints from non-admin users
SIEM Query:
source="wordpress.log" AND ("eos_plugin_reviews_restore_version" OR "plugversions") AND user_role="subscriber"