CVE-2024-13432 – The Webcamconsult WordPress plugin has a CSRF v... (How to Fix)

Q: What is the severity of CVE-2024-13432?

CVE-2024-13432 has a CVSS score of 6.1 (MEDIUM). The Webcamconsult WordPress plugin has a CSRF vulnerability that allows attackers to trick administrators into clicking malicious links, which can then update plugin settings and inject malicious scripts. This affects all WordPress sites using Webcamconsult plugin versions up to 1.5.0. Attackers can exploit this without authentication by crafting deceptive requests.

📋 TL;DR

The Webcamconsult WordPress plugin has a CSRF vulnerability that allows attackers to trick administrators into clicking malicious links, which can then update plugin settings and inject malicious scripts. This affects all WordPress sites using Webcamconsult plugin versions up to 1.5.0. Attackers can exploit this without authentication by crafting deceptive requests.

💻 Affected Systems

Products:

WordPress Webcamconsult Plugin

Versions: All versions up to and including 1.5.0

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress installation with Webcamconsult plugin active. Vulnerability exists in default configuration.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete site compromise through persistent XSS payloads, credential theft via session hijacking, or malware distribution to visitors.

🟠

Likely Case

Unauthorized plugin configuration changes, injection of malicious JavaScript that steals cookies or redirects users, and potential SEO spam injection.

🟢

If Mitigated

Limited impact with proper CSRF protections, admin awareness training, and web application firewalls blocking suspicious requests.

🌐 Internet-Facing: HIGH

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires social engineering to trick authenticated admin into clicking malicious link. No authentication needed for the forged request itself.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.5.1 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3223211%40webcamconsult&new=3223211%40webcamconsult&sfp_email=&sfph_mail=

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find Webcamconsult plugin. 4. Click 'Update Now' if available. 5. Alternatively, download version 1.5.1+ from WordPress repository and manually replace plugin files.

🔧 Temporary Workarounds

Temporary Plugin Deactivation

all

Disable the vulnerable plugin until patched

wp plugin deactivate webcamconsult

CSRF Protection via .htaccess

linux

Add basic CSRF protection headers

Header set X-Frame-Options "DENY"
Header set Content-Security-Policy "frame-ancestors 'none'"

🧯 If You Can't Patch

Implement strict Content Security Policy (CSP) headers to limit script execution
Use web application firewall (WAF) rules to block suspicious POST requests to admin-ajax.php

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin under Plugins → Installed Plugins. If version is 1.5.0 or lower, you are vulnerable.

Check Version:

wp plugin get webcamconsult --field=version

Verify Fix Applied:

Verify plugin version is 1.5.1 or higher. Test admin functionality to ensure nonce validation is working on settings updates.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /wp-admin/admin-ajax.php with webcamconsult actions
Multiple failed nonce validation attempts in WordPress debug logs

Network Indicators:

Suspicious referrer headers in admin requests
Unexpected iframe or script injections in plugin settings

SIEM Query:

source="wordpress.log" AND ("admin-ajax.php" AND "webcamconsult") AND ("action=update" OR "action=save")

📊 Metadata

CVE ID: CVE-2024-13432

CVSS v3 Score: 6.1 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE: CWE-352

EPSS Score: 0.08% exploit probability (23.1th percentile)

Published: January 18, 2025

Last Updated: January 18, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-13432, you might also want to check these: