CVE-2024-13410
📋 TL;DR
This CVE describes a PHP Object Injection vulnerability in the CozyStay and TinySalt WordPress themes. Unauthenticated attackers can inject PHP objects because untrusted input is passed to deserialization, but turning that into an actual impact requires a separate POP chain supplied by another installed plugin or theme. Sites running vulnerable versions of these themes are affected.
💻 Affected Systems
- CozyStay WordPress Theme
- TinySalt WordPress Theme
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
If combined with a POP chain from another plugin/theme, attackers could execute arbitrary code, delete files, or steal sensitive data, potentially leading to complete site compromise.
Likely Case
Most sites will not have compatible POP chains, resulting in no immediate impact, though the vulnerability still exists and could be exploited if vulnerable plugins/themes are added later.
If Mitigated
With proper plugin management and no compatible POP chains installed, the vulnerability has no practical impact despite its high CVSS score.
🎯 Exploit Status
Exploitation requires finding or crafting a compatible POP chain from other installed plugins/themes, which adds complexity.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: CozyStay >1.7.0; TinySalt >3.9.0
Vendor Advisory: https://themeforest.net/item/cozystay-hotel-booking-wordpress-theme/47383367#item-description__changelog
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Appearance > Themes.
3. Check for updates to the CozyStay or TinySalt themes.
4. Update to the latest version.
5. If no update is available, replace the theme with an alternative.
🔧 Temporary Workarounds
Disable vulnerable themes: Deactivate and replace the CozyStay/TinySalt themes with secure alternatives.
Restrict AJAX endpoints: Use a web application firewall to block access to the vulnerable ajax_handler endpoints.
🧯 If You Can't Patch
- Remove or disable all unnecessary plugins/themes to reduce POP chain availability
- Implement strict input validation and sanitization at application layer
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Appearance > Themes for CozyStay version ≤1.7.0 or TinySalt version ≤3.9.0
Check Version:
wp theme list --fields=name,version --format=csv
Verify Fix Applied:
Confirm theme version is CozyStay >1.7.0 or TinySalt >3.9.0 in WordPress admin
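The version check above can be scripted against wp-cli output. The following is an added example, not code from the advisory or from the theme vendor: it parses the CSV that `wp theme list --fields=name,version --format=csv` prints and reports any theme at or below the last vulnerable version (CozyStay 1.7.0, TinySalt 3.9.0, taken from the fix versions above). It assumes the theme slugs in wp-cli's `name` column are `cozystay` and `tinysalt`; the sample CSV is constructed so the check runs without a WordPress install.

```python
import csv
import io
import re
import subprocess

# Last vulnerable version per theme, derived from the advisory's fix versions
# (CozyStay fixed in >1.7.0, TinySalt in >3.9.0). Keys are the theme slugs
# that wp-cli prints in its "name" column; that those slugs are "cozystay"
# and "tinysalt" is an assumption, so adjust them to your install's
# theme directory names if they differ.
LAST_VULNERABLE = {"cozystay": "1.7.0", "tinysalt": "3.9.0"}

# Constructed sample of `wp theme list --fields=name,version --format=csv`
# output, so the check can be exercised offline.
SAMPLE_WP_CLI_CSV = """\
name,version
twentytwentyfour,1.2
cozystay,1.7.0
tinysalt,3.9.1
"""


def parse_version(version):
    """Convert '1.7.0' into (1, 7, 0); parsing stops at the first non-numeric piece."""
    parts = []
    for piece in version.strip().split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def version_le(version, limit):
    """True when version <= limit; short tuples are zero-padded so 1.7 == 1.7.0."""
    a, b = parse_version(version), parse_version(limit)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a <= b


def vulnerable_themes(csv_text):
    """Return [(slug, version), ...] for installed themes at or below the
    last vulnerable version. Themes not listed in LAST_VULNERABLE are ignored."""
    found = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        slug = (row.get("name") or "").strip().lower()
        version = (row.get("version") or "").strip()
        limit = LAST_VULNERABLE.get(slug)
        if limit is None or not version:
            continue
        if version_le(version, limit):
            found.append((slug, version))
    return found


def check_live_site():
    """Run wp-cli on the current WordPress install and return the findings."""
    output = subprocess.run(
        ["wp", "theme", "list", "--fields=name,version", "--format=csv"],
        capture_output=True, text=True, check=True,
    ).stdout
    return vulnerable_themes(output)


if __name__ == "__main__":
    for slug, version in vulnerable_themes(SAMPLE_WP_CLI_CSV):
        print(f"{slug} {version}: at or below last vulnerable version "
              f"{LAST_VULNERABLE[slug]}")
```

Run `check_live_site()` from the WordPress root (or pass `--path=` to wp-cli inside it) on a real host; an empty list means both themes are absent or already above the fix version, and an entry means the update step above is still outstanding.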
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /wp-admin/admin-ajax.php with serialized data
- PHP warnings related to deserialization
Network Indicators:
- HTTP requests containing serialized PHP objects in parameters
SIEM Query:
source="wordpress.log" AND "admin-ajax.php" AND ("cozystay" OR "tinysalt") AND POST
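The log and network indicators above can be turned into a concrete check over web-server access logs. The following is an added example, not code from the advisory: it flags POST requests to `/wp-admin/admin-ajax.php` whose percent-decoded query string (or a captured request body, where a WAF or proxy logs one) contains PHP `serialize()` tokens, distinguishing object notation (`O:<len>:"<class>":<n>:{`) from plain arrays (`a:<n>:{`). The log lines, the `example_handler` action name and the `Example_Class` class name are constructed placeholders, not the themes' real AJAX handlers or any known gadget class.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample access-log lines (combined log format). The action name
# "example_handler" and class "Example_Class" are placeholders only.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2025:10:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=example_handler HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2025:10:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=example_handler&data=O%3A13%3A%22Example_Class%22%3A1%3A%7Bs%3A4%3A%22name%22%3Bs%3A4%3A%22test%22%3B%7D HTTP/1.1" 200 88 "-" "curl/8.0"
198.51.100.2 - - [10/Jan/2025:10:00:03 +0000] "GET /wp-content/themes/cozystay/style.css HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2025:10:00:04 +0000] "POST /wp-admin/admin-ajax.php?action=example_handler&data=a%3A1%3A%7Bi%3A0%3Bs%3A4%3A%22test%22%3B%7D HTTP/1.1" 200 70 "-" "python-requests/2.31"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# PHP serialize() notation: O:<len>:"<class>":<n>:{ for objects, a:<n>:{ for arrays.
PHP_OBJECT_RE = re.compile(r'O:\d+:"[^"]+":\d+:\{')
PHP_ARRAY_RE = re.compile(r'a:\d+:\{')


def serialized_php_kinds(text):
    """Return which PHP serialize() structures appear in already-decoded text."""
    kinds = []
    if PHP_OBJECT_RE.search(text):
        kinds.append("object")
    if PHP_ARRAY_RE.search(text):
        kinds.append("array")
    return kinds


def scan_log(lines, bodies=None):
    """Flag POSTs to admin-ajax.php whose query string, or captured request body
    (bodies maps line index -> body text), carries serialized PHP data."""
    findings = []
    for index, line in enumerate(lines):
        match = LOG_RE.match(line)
        if not match or match["method"] != "POST":
            continue
        url = urlsplit(match["target"])
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        body = (bodies or {}).get(index, "")
        # Decode first: parameters arrive percent-encoded, and the serialize()
        # tokens are only recognisable in decoded form.
        candidate = unquote_plus(url.query) + "\n" + unquote_plus(body)
        kinds = serialized_php_kinds(candidate)
        if not kinds:
            continue
        findings.append({
            "ip": match["ip"],
            "timestamp": match["ts"],
            "action": parse_qs(url.query).get("action", ["-"])[0],
            "kinds": kinds,
            "status": int(match["status"]),
        })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{f['timestamp']} {f['ip']} action={f['action']} "
              f"serialized={','.join(f['kinds'])} status={f['status']}")
```

Object notation in an admin-ajax.php request is the indicator worth alerting on; serialized arrays show up in some legitimate plugin traffic, so they are reported separately and are better used as context than as a standalone alert. Because access logs do not record POST bodies, pair this with the SIEM query above or with a WAF that logs request bodies for full coverage.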
🔗 References
- https://themeforest.net/item/cozystay-hotel-booking-wordpress-theme/47383367#item-description__changelog
- https://themeforest.net/item/tinysalt-personal-food-blog-wordpress-theme/26294668#item-description__changelog
- https://www.wordfence.com/threat-intel/vulnerabilities/id/61080df6-836f-4365-964a-fa2517e8be5a?source=cve