CVE-2024-13118

4.3 MEDIUM

📋 TL;DR

The IP Based Login WordPress plugin before version 2.4.1 lacks CSRF protection on certain endpoints, allowing attackers to trick authenticated administrators into deleting all plugin logs via malicious requests. This affects WordPress sites using vulnerable versions of the IP Based Login plugin.

💻 Affected Systems

Products:
  • WordPress IP Based Login plugin
Versions: All versions before 2.4.1
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with IP Based Login plugin enabled and an authenticated administrator to be tricked into visiting a malicious page.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could delete all IP-based login logs, potentially covering tracks of unauthorized access or preventing administrators from investigating security incidents.

🟠 Likely Case

Attackers could disrupt audit trails by deleting logs, making forensic investigation more difficult after other attacks.

🟢 If Mitigated

With proper CSRF protections in place, only legitimate authenticated users can perform log deletion actions.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering to trick an authenticated administrator into clicking a malicious link or visiting a compromised page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.1

Vendor Advisory: https://wpscan.com/vulnerability/eba6f98e-b931-4f02-b190-ca855a674839/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'IP Based Login' plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 2.4.1+ from the WordPress repository and update manually.

🔧 Temporary Workarounds

Disable vulnerable plugin

Applies to: all

Temporarily disable the IP Based Login plugin until patched:

wp plugin deactivate ip-based-login

Implement CSRF protection middleware

Applies to: all

Add WordPress nonce verification to plugin endpoints via custom code.
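The nonce-verification workaround above, as an added example that is not the plugin's own code: the `example_*` function names, the nonce action string, the `_example_nonce` field name and the log table name are all assumptions for illustration.

```php
<?php
// Constructed example of a log-clearing admin action protected against CSRF.
// Pattern to avoid: deleting on a bare request parameter, e.g.
//   if ( isset( $_GET['clear_logs'] ) ) { $wpdb->query( "TRUNCATE ..." ); }
// Any page the admin visits can forge that request. Fix: tie the action to a
// nonce that only a page rendered by this site for this user can carry.

// Rendering side: emit the nonce field next to the "Clear all logs" button.
function example_render_clear_logs_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_clear_logs">
        <?php wp_nonce_field( 'example_clear_logs', '_example_nonce' ); ?>
        <?php submit_button( 'Clear all logs', 'delete' ); ?>
    </form>
    <?php
}

// Handling side: require both the capability and a valid nonce before
// touching the logs. A forged cross-site request cannot supply the nonce,
// so check_admin_referer() stops it with wp_die() before the deletion runs.
function example_handle_clear_logs() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // Verifies the nonce for this action/user and also checks the Referer.
    check_admin_referer( 'example_clear_logs', '_example_nonce' );

    global $wpdb;
    $table = $wpdb->prefix . 'example_login_log'; // hypothetical table name
    $wpdb->query( "TRUNCATE TABLE {$table}" );

    // Return to the plugin page; a plain GET to this URL does nothing.
    $back = wp_get_referer() ? wp_get_referer() : admin_url();
    wp_safe_redirect( add_query_arg( 'logs_cleared', '1', $back ) );
    exit;
}
// admin-post.php routes action=example_clear_logs here for logged-in users.
add_action( 'admin_post_example_clear_logs', 'example_handle_clear_logs' );
```

Because the nonce is bound to the logged-in user and rotates, a request replayed or forged from another origin fails the check even if the victim is an authenticated administrator.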

🧯 If You Can't Patch

  • Restrict admin access to trusted networks only
  • Implement web application firewall with CSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → IP Based Login → Version number. If the version is below 2.4.1, the site is vulnerable.

Check Version:

wp plugin get ip-based-login --field=version

Verify Fix Applied:

Confirm plugin version is 2.4.1 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected bulk deletion of IP Based Login plugin logs
  • CSRF token validation failures in WordPress logs

Network Indicators:

  • POST requests to /wp-admin/admin.php?page=ip-based-login whose Referer header is missing or does not point to the site's own wp-admin

SIEM Query:

source="wordpress" AND (uri_path="/wp-admin/admin.php" AND uri_query="page=ip-based-login" AND http_method="POST")
