CVE-2024-13468
📋 TL;DR
The Trash Duplicate and 301 Redirect WordPress plugin has an authorization flaw that allows unauthenticated attackers to delete arbitrary posts or pages. All WordPress sites running plugin versions 1.9 and earlier are affected; no authentication is required to exploit the flaw.
💻 Affected Systems
- Trash Duplicate and 301 Redirect WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete website content deletion leading to service disruption, data loss, and potential business impact.
Likely Case
Selective deletion of important posts/pages causing content loss and website integrity issues.
If Mitigated
No impact if plugin is disabled or patched before exploitation.
🎯 Exploit Status
Exploitation requires sending crafted HTTP requests to the vulnerable endpoint without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.9
Vendor Advisory: https://wordpress.org/plugins/trash-duplicate-and-301-redirect/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Trash Duplicate and 301 Redirect'.
4. Click 'Update Now' if available.
5. If no update is available, deactivate and delete the plugin.
🔧 Temporary Workarounds
Disable Plugin
Platform: WordPress. Deactivate the vulnerable plugin to prevent exploitation.
wp plugin deactivate trash-duplicate-and-301-redirect
Web Application Firewall Rule
Platform: all. Block requests to the vulnerable endpoint.
Block HTTP requests containing the 'duplicates-action-top' parameter.
🧯 If You Can't Patch
- Deactivate and remove the Trash Duplicate and 301 Redirect plugin immediately
- Implement web application firewall rules to block requests to the vulnerable endpoint
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for 'Trash Duplicate and 301 Redirect' version 1.9 or earlier
Check Version:
wp plugin get trash-duplicate-and-301-redirect --field=version
Verify Fix Applied:
Verify plugin version is greater than 1.9 or plugin is completely removed
📡 Detection & Monitoring
Log Indicators:
- HTTP POST requests to /wp-admin/admin-ajax.php with 'action=duplicates-action-top' parameter
- Unusual deletion events in WordPress logs
Network Indicators:
- POST requests to admin-ajax.php with suspicious action parameters from unauthenticated sources
SIEM Query:
source="wordpress.log" AND "admin-ajax.php" AND "duplicates-action-top"
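An added detection example, not part of this advisory: the log indicators above applied to web-server access logs. It assumes Apache/nginx "combined" log format; the sample lines and the helper names (`is_suspicious`, `scan_log`, `count_by_ip`) are constructed for this illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

LOG_RE = re.compile(  # Apache/nginx "combined" format; only needed fields captured
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
INDICATOR = "duplicates-action-top"  # parameter named in the advisory's WAF rule

def is_suspicious(target: str) -> bool:
    """True for either indicator above: admin-ajax.php called with
    action=duplicates-action-top, or any request whose query string carries
    the parameter name at all (the workaround's WAF rule)."""
    parts = urlsplit(target)
    if parts.path.endswith("/wp-admin/admin-ajax.php"):
        if INDICATOR in parse_qs(parts.query).get("action", []):
            return True
    # Caveat: POST bodies are not written to access logs, so a body-only
    # parameter is invisible here; only query-string occurrences are seen.
    return INDICATOR in parts.query

def scan_log(lines):
    """One record per matching request. The method is recorded rather than
    filtered on, so GET variants of the POST the advisory lists are kept."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_suspicious(m["target"]):
            hits.append({"ip": m["ip"], "time": m["time"], "method": m["method"],
                         "target": m["target"], "status": int(m["status"])})
    return hits

def count_by_ip(lines):
    """Matching requests per source IP, for triage."""
    return dict(Counter(h["ip"] for h in scan_log(lines)))

# Constructed sample lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2025:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=duplicates-action-top&post=42 HTTP/1.1" 200 17 "-" "curl/8.0"
198.51.100.3 - - [10/Mar/2025:12:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 55 "-" "Mozilla/5.0"
198.51.100.3 - - [10/Mar/2025:12:00:03 +0000] "GET /blog/hello-world/ HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2025:12:00:04 +0000] "GET /wp-admin/admin-ajax.php?duplicates-action-top=1 HTTP/1.1" 400 0 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2025:12:00:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 17 "-" "curl/8.0"
""".splitlines()

if __name__ == "__main__":
    print(scan_log(SAMPLE_LOG), count_by_ip(SAMPLE_LOG))
```

The last sample line shows the caveat in practice: a body-only parameter produces no hit from access logs alone, so pair this with the WordPress-side deletion events the advisory also lists.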