CVE-2024-13471
📋 TL;DR
The DesignThemes Core Features WordPress plugin contains a file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files on the server. This affects all WordPress sites using this plugin up to version 4.7. Attackers can potentially access sensitive configuration files, credentials, or other system data.
💻 Affected Systems
- DesignThemes Core Features WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers exfiltrate sensitive files like wp-config.php containing database credentials, SSH keys, or other configuration files leading to full site compromise and potential lateral movement.
Likely Case
Attackers read WordPress configuration files to obtain database credentials, then use those to access or modify site data, install backdoors, or pivot to other systems.
If Mitigated
Attackers can only read non-sensitive files due to proper file permissions and directory restrictions, limiting exposure to less critical information.
🎯 Exploit Status
Exploitation requires sending crafted HTTP requests to the vulnerable endpoint. No authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 4.7
Vendor Advisory: https://themeforest.net/item/lms-learning-management-system-education-lms-wordpress-theme/7867581
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'DesignThemes Core Features' plugin. 4. Click 'Update Now' if update available. 5. If no update available, disable and remove the plugin immediately.
🔧 Temporary Workarounds
Disable vulnerable plugin
WordPressTemporarily disable the DesignThemes Core Features plugin until patched version is available
wp plugin deactivate design-themes-core-features
Web Application Firewall rule
ApacheBlock requests to the vulnerable dt_process_imported_file endpoint
LocationMatch "\/wp-content\/plugins\/design-themes-core-features.*dt_process_imported_file"
Deny from all
🧯 If You Can't Patch
- Implement strict file permissions (chmod 600 for sensitive files, chmod 755 for directories)
- Deploy web application firewall with rules blocking file inclusion patterns
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins for 'DesignThemes Core Features' version 4.7 or lowerCheck Version:
wp plugin get design-themes-core-features --field=versionVerify Fix Applied:
Verify plugin version is higher than 4.7 or plugin is completely removed from the system📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /wp-content/plugins/design-themes-core-features containing dt_process_imported_file parameter
- Multiple 200 responses with file content in response body
- Unusual file read patterns from web server process
Network Indicators:
- HTTP GET/POST requests with file path parameters to plugin endpoint
- Traffic spikes to the vulnerable endpoint from external IPs
SIEM Query:
source="web_server_logs" AND uri="/wp-content/plugins/design-themes-core-features" AND (uri="*dt_process_imported_file*" OR params="*file=*" OR params="*path=*")