CVE-2024-13343
📋 TL;DR
The WooCommerce Customers Manager plugin for WordPress has a privilege escalation vulnerability that allows authenticated users with Subscriber-level access or higher to elevate their privileges to administrator. This affects all WordPress sites using vulnerable versions of this plugin. Attackers can gain full administrative control over the WordPress installation.
💻 Affected Systems
- WooCommerce Customers Manager WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover where attackers gain administrator access, can install backdoors, steal sensitive data, deface the site, or use it for further attacks.
Likely Case
Attackers gain administrative privileges and compromise the WordPress site, potentially accessing customer data, payment information, and site configuration.
If Mitigated
If proper access controls and monitoring are in place, privilege escalation attempts can be detected and blocked before full compromise.
🎯 Exploit Status
Exploitation requires authenticated access but only Subscriber-level privileges. The vulnerability is in an AJAX function that lacks proper capability checks.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 31.4 or later
Vendor Advisory: https://codecanyon.net/item/woocommerce-customers-manager/10965432
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'WooCommerce Customers Manager'. 4. Click 'Update Now' if update is available. 5. Alternatively, download latest version from CodeCanyon and manually update.
🔧 Temporary Workarounds
Disable Vulnerable Plugin
allTemporarily disable the WooCommerce Customers Manager plugin until patched
wp plugin deactivate woocommerce-customers-manager
Restrict User Registration
WordPressDisable new user registration to prevent attackers from creating Subscriber accounts
Settings → General → Membership: Uncheck 'Anyone can register'
🧯 If You Can't Patch
- Implement strict access controls and monitor for privilege escalation attempts
- Use web application firewall rules to block requests to the vulnerable ajax_assign_new_roles() function
🔍 How to Verify
Check if Vulnerable:
Check plugin version in WordPress admin under Plugins → Installed Plugins. If version is 31.3 or earlier, you are vulnerable.Check Version:
wp plugin get woocommerce-customers-manager --field=versionVerify Fix Applied:
After updating, verify plugin version shows 31.4 or later. Test that Subscriber users cannot modify user roles.📡 Detection & Monitoring
Log Indicators:
- Unusual AJAX requests to admin-ajax.php with action 'assign_new_roles'
- User role changes from Subscriber to Administrator
- Multiple failed privilege escalation attempts
Network Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=assign_new_roles from non-admin users
SIEM Query:
source="wordpress" AND (url_path="/wp-admin/admin-ajax.php" AND post_data="action=assign_new_roles")