CVE-2024-13639

4.3 MEDIUM

📋 TL;DR

The Read More & Accordion WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to delete arbitrary 'read more' posts. This occurs because the expmDeleteData() function lacks proper capability checks. All WordPress sites using this plugin up to version 3.4.2 are affected.
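The shape of the flaw and of its fix, as an added illustration and not the plugin's own code: the AJAX hook name, the nonce action, the `expm_readmore` post type and the request parameter names are assumptions, and the vulnerable variant only shows what a handler with no authorization step looks like.

```php
<?php
// Added illustration, not code from the Read More & Accordion plugin.
// Hook name, nonce action, post type and parameter names are assumed.

// Vulnerable shape (left unregistered here): a wp_ajax_* hook is reachable by
// any logged-in user, and the handler deletes whatever ID it is handed with
// no capability check and no nonce check. A Subscriber can reach the delete.
function expmDeleteData_vulnerable() {
    $id = isset( $_POST['id'] ) ? intval( $_POST['id'] ) : 0;
    wp_delete_post( $id, true );
    wp_send_json_success();
}
// add_action( 'wp_ajax_expmDeleteData', 'expmDeleteData_vulnerable' ); // before the fix

// Hardened shape: verify the nonce (CSRF), require a capability scoped to the
// specific post, and refuse IDs that are not the plugin's own content.
add_action( 'wp_ajax_expmDeleteData', 'expmDeleteData_hardened' );
function expmDeleteData_hardened() {
    check_ajax_referer( 'expm_delete_nonce', 'nonce' ); // dies with 403 on failure

    $id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;

    // delete_post is a meta capability: WordPress resolves it against the
    // post's owner and status, so Subscribers cannot delete others' posts.
    if ( ! $id || ! current_user_can( 'delete_post', $id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Constrain the handler to the plugin's own post type (name assumed).
    if ( get_post_type( $id ) !== 'expm_readmore' ) {
        wp_send_json_error( 'bad_request', 400 );
    }

    wp_delete_post( $id, true );
    wp_send_json_success();
}
```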

💻 Affected Systems

Products:
  • Read More & Accordion WordPress plugin
Versions: All versions up to and including 3.4.2
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the vulnerable plugin enabled. Any authenticated user (Subscriber role or higher) can exploit this.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case
Malicious authenticated users could delete all 'read more' posts, causing permanent data loss and disrupting website functionality.

🟠 Likely Case
Low-privilege users deleting specific 'read more' content they shouldn't have access to, potentially causing content management issues.

🟢 If Mitigated
Minimal impact if proper user access controls and backups are in place, with only temporary content disruption.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is technically simple: the vulnerable action only has to be invoked with the expected parameters, since no capability check stands in the way.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.4.3 or later

Vendor Advisory: https://wordpress.org/plugins/expand-maker/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Go to Plugins → Installed Plugins.
3. Find the 'Read More & Accordion' plugin.
4. Click 'Update Now' if available, or manually update to version 3.4.3 or later.
5. Verify that the plugin is updated to 3.4.3 or later.

🔧 Temporary Workarounds

Disable vulnerable plugin (all)
Temporarily deactivate the Read More & Accordion plugin until patched.

Restrict user roles (all)
Limit Subscriber and other low-privilege user accounts until the patch is applied.

🧯 If You Can't Patch

  • Implement strict user access controls and monitor user activity
  • Enable comprehensive backups and test restoration procedures

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins → Read More & Accordion → check if version is 3.4.2 or lower

Check Version:

wp plugin list --name='expand-maker' --field=version

Verify Fix Applied:

Confirm plugin version is 3.4.3 or higher in WordPress admin panel

📡 Detection & Monitoring

Log Indicators:

  • Unusual deletion requests (typically POST to WordPress admin-ajax.php or admin-post.php) carrying the expmDeleteData action
  • Multiple 'read more' post deletions attributed to low-privilege users

Network Indicators:

  • POST requests to admin endpoints with action=expmDeleteData from non-admin users

SIEM Query:

source="wordpress.log" AND (expmDeleteData OR "action=expmDeleteData") AND user_role!="administrator"
