CVE-2024-13337
📋 TL;DR
This CSRF vulnerability in the Clearfy Cache WordPress plugin allows unauthenticated attackers to change plugin settings by tricking administrators into clicking malicious links. All WordPress sites using Clearfy Cache plugin versions up to 2.3.2 are affected. The vulnerability exists due to missing nonce validation on the setup page.
💻 Affected Systems
- Clearfy Cache – WordPress optimization plugin
📦 What is this software?
Clearfy by Cm Wp
⚠️ Risk & Real-World Impact
Worst Case
Attackers could disable security features, modify cache settings to break site functionality, or enable malicious configurations that lead to further compromise.
Likely Case
Attackers change plugin settings to degrade site performance, disable optimizations, or enable tracking/analytics settings that benefit the attacker.
If Mitigated
With proper CSRF protections and admin awareness, exploitation attempts fail and no settings are modified.
🎯 Exploit Status
CSRF attacks are well understood and easy to weaponize. No authentication is required of the attacker, but the attack depends on social engineering: an authenticated administrator must be lured into submitting the forged request.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.3.3 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3268278/clearfy/trunk/libs/factory/templates/pages/setup-parts/class-step-form.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Go to Plugins → Installed Plugins.
3. Find the Clearfy Cache plugin.
4. Click 'Update Now' if available.
5. Alternatively, download the latest version from the WordPress repository and update manually.
🔧 Temporary Workarounds
Disable Clearfy Cache Plugin
Temporarily disable the vulnerable plugin until it is patched.
wp plugin deactivate clearfy
Add CSRF Protection Manually
Add nonce validation to the vulnerable setup-wbcr_clearfy admin page via custom code.
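The following mu-plugin is an added example written for this advisory, not Clearfy's own fix, showing what that custom nonce validation looks like in WordPress terms: a server-side check that rejects any POST to the setup page without a valid nonce, plus a small script that adds the nonce field to the page's legitimate forms. It assumes (hypothetically; the advisory does not confirm this) that the wizard submits ordinary HTML forms back to admin.php?page=setup-wbcr_clearfy and that Clearfy processes them no earlier than admin_init; the action and field names are chosen for the example.

```php
<?php
/**
 * Plugin Name: Clearfy setup CSRF guard (added example)
 * Description: Stop-gap mu-plugin that enforces a nonce on POSTs to the
 *              Clearfy setup page until the plugin is updated to 2.3.3+.
 *
 * Illustrative code written for this advisory, not Clearfy's own code.
 * Assumptions (hypothetical, not confirmed by the advisory): the setup wizard
 * submits ordinary <form method="post"> elements back to
 * admin.php?page=setup-wbcr_clearfy, and the plugin handles them no earlier
 * than admin_init priority 0. If the wizard posts via AJAX instead, the
 * request never passes through this check and the guard gives no protection.
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

// Names chosen for this example; any unique strings would do.
const CLEARFY_GUARD_ACTION = 'clearfy_setup_guard';
const CLEARFY_GUARD_FIELD  = '_clearfy_guard_nonce';
const CLEARFY_SETUP_PAGE   = 'setup-wbcr_clearfy';

function clearfy_guard_is_setup_page() {
    return isset( $_GET['page'] ) && $_GET['page'] === CLEARFY_SETUP_PAGE;
}

// 1. Server side: reject any POST to the setup page that does not carry a
//    valid nonce. A forged cross-site request cannot include one, because the
//    nonce is derived from the victim's session and never reaches the
//    attacker's origin.
add_action( 'admin_init', function () {
    if ( ! clearfy_guard_is_setup_page() || ( $_SERVER['REQUEST_METHOD'] ?? '' ) !== 'POST' ) {
        return;
    }
    // Capability check first: changing settings should require an administrator.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }
    // check_admin_referer() runs wp_verify_nonce() on the named field and
    // stops the request with wp_nonce_ays() ("link has expired") on failure,
    // so the plugin's own handler never runs for a forged request.
    check_admin_referer( CLEARFY_GUARD_ACTION, CLEARFY_GUARD_FIELD );
}, 0 );

// 2. Client side: give legitimate forms on the setup page the nonce they need.
//    wp_nonce_field() returns the hidden <input> markup when $display is false.
add_action( 'admin_footer', function () {
    if ( ! clearfy_guard_is_setup_page() ) {
        return;
    }
    $nonce_markup = wp_nonce_field( CLEARFY_GUARD_ACTION, CLEARFY_GUARD_FIELD, true, false );
    ?>
    <script>
    (function () {
        var markup = <?php echo wp_json_encode( $nonce_markup ); ?>;
        Array.prototype.forEach.call(document.forms, function (form) {
            // form.method is normalised to lower case by the DOM.
            if (form.method === 'post') {
                form.insertAdjacentHTML('beforeend', markup);
            }
        });
    })();
    </script>
    <?php
} );
```

Save it as a file under wp-content/mu-plugins/ so it loads before regular plugins and cannot be deactivated from the admin UI. The guard only buys time: once 2.3.3 or later is installed, remove it, since the updated plugin performs its own nonce check on that page.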
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to limit cross-origin requests.
- Use browser extensions that block CSRF attempts and educate administrators about phishing risks.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Clearfy Cache → Version. If version is 2.3.2 or lower, you are vulnerable.
Check Version:
wp plugin get clearfy --field=version
Verify Fix Applied:
After update, verify Clearfy Cache plugin version is 2.3.3 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /wp-admin/admin.php?page=setup-wbcr_clearfy without proper referrer/nonce
- Multiple failed nonce validation attempts
Network Indicators:
- Cross-origin requests to WordPress admin endpoints from unexpected domains
SIEM Query:
source="wordpress.log" AND (uri_path="/wp-admin/admin.php" AND query_string="page=setup-wbcr_clearfy") AND http_method="POST"
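The SIEM query above reports every POST to the setup page, including an administrator's own legitimate submissions. The script below is an added example for this advisory (not Clearfy or WordPress code) that narrows those hits using the Referer header, as the log indicators suggest: a POST to admin.php?page=setup-wbcr_clearfy whose Referer is a foreign origin is a strong CSRF signal, and one with no Referer at all is a weaker one. The log lines are constructed for the example and example.com stands in for the defended site.

```php
<?php
/**
 * Added example for this advisory (not Clearfy or WordPress code): scan
 * web-server access-log lines for POSTs to the Clearfy setup page whose
 * Referer is missing or belongs to a foreign origin.
 * Usage: php clearfy_csrf_scan.php [access.log]   (no argument: built-in sample)
 */

const SETUP_PAGE = 'setup-wbcr_clearfy';

// Apache/Nginx "combined" format:
// ip ident user [time] "method path proto" status bytes "referer" "user-agent"
const LOG_RE = '/^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+ "([^"]*)" "[^"]*"$/';

/** Parse one combined-format line; returns null for lines that do not match. */
function parse_log_line(string $line): ?array {
    if (!preg_match(LOG_RE, rtrim($line), $m)) {
        return null;
    }
    return ['ip' => $m[1], 'user' => $m[2], 'time' => $m[3], 'method' => $m[4],
            'path' => $m[5], 'status' => (int) $m[6], 'referer' => $m[7]];
}

/** True when the request path is /wp-admin/admin.php?page=setup-wbcr_clearfy. */
function is_setup_page_request(string $path): bool {
    $url = parse_url($path);
    if (($url['path'] ?? '') !== '/wp-admin/admin.php' || empty($url['query'])) {
        return false;
    }
    parse_str($url['query'], $q);
    return ($q['page'] ?? '') === SETUP_PAGE;
}

/**
 * Classify each POST to the setup page by its Referer:
 *   'foreign-referer' : scheme/host differ from the site (strong CSRF signal)
 *   'no-referer'      : Referer absent ("-"); weaker, since referrer policies
 *                       and some browsers strip it on legitimate requests too
 * Same-origin POSTs and all non-POST requests produce no finding.
 */
function flag_setup_page_posts(array $lines, string $site_origin): array {
    $findings = [];
    foreach ($lines as $line) {
        $r = parse_log_line($line);
        if ($r === null || $r['method'] !== 'POST' || !is_setup_page_request($r['path'])) {
            continue;
        }
        if ($r['referer'] === '-' || $r['referer'] === '') {
            $reason = 'no-referer';
        } else {
            $ref        = parse_url($r['referer']);
            $ref_origin = ($ref['scheme'] ?? '') . '://' . strtolower($ref['host'] ?? '');
            if ($ref_origin === $site_origin) {
                continue; // ordinary admin submission from the site's own page
            }
            $reason = 'foreign-referer';
        }
        $findings[] = ['ip' => $r['ip'], 'user' => $r['user'], 'time' => $r['time'],
                       'referer' => $r['referer'], 'reason' => $reason];
    }
    return $findings;
}

// Constructed sample lines (not real traffic). Line 1 is a legitimate admin
// submission; lines 2 and 3 have the shape of a CSRF attempt; lines 4 and 5
// are a GET and a POST to a different page, which must not be flagged.
$sample = [
    '203.0.113.5 - admin [10/Jan/2025:10:00:01 +0000] "POST /wp-admin/admin.php?page=setup-wbcr_clearfy HTTP/1.1" 302 0 "https://example.com/wp-admin/admin.php?page=setup-wbcr_clearfy" "Mozilla/5.0"',
    '203.0.113.5 - admin [10/Jan/2025:10:05:17 +0000] "POST /wp-admin/admin.php?page=setup-wbcr_clearfy HTTP/1.1" 302 0 "https://lure.invalid/win.html" "Mozilla/5.0"',
    '203.0.113.5 - admin [10/Jan/2025:10:06:40 +0000] "POST /wp-admin/admin.php?page=setup-wbcr_clearfy HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.5 - admin [10/Jan/2025:10:07:02 +0000] "GET /wp-admin/admin.php?page=setup-wbcr_clearfy HTTP/1.1" 200 5120 "https://lure.invalid/win.html" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2025:10:08:00 +0000] "POST /wp-admin/admin.php?page=wbcr_clearfy HTTP/1.1" 302 0 "https://lure.invalid/win.html" "Mozilla/5.0"',
];

$lines = $argc > 1 ? file($argv[1], FILE_IGNORE_NEW_LINES) : $sample;
foreach (flag_setup_page_posts($lines, 'https://example.com') as $f) {
    printf("%s user=%s ip=%s referer=%s [%s]\n",
           $f['time'], $f['user'], $f['ip'], $f['referer'], $f['reason']);
}
```

Of the constructed lines, only the two POSTs with a foreign or missing Referer are reported; the same-origin submission, the GET, and the POST to another plugin page are not. Because the Referer is sent by the browser, an empty value should raise a ticket rather than an alert on its own, whereas a foreign origin on a settings POST is worth treating as an incident.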