CVE-2024-13645
📋 TL;DR
The tagDiv Composer WordPress plugin has a PHP object instantiation vulnerability that allows unauthenticated attackers to instantiate arbitrary PHP objects. This vulnerability only becomes dangerous when combined with a POP chain from another plugin or theme, which could enable remote code execution, file deletion, or data theft. All WordPress sites using tagDiv Composer versions up to 5.3 are affected.
💻 Affected Systems
- tagDiv Composer WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete site compromise, data theft, and server takeover if a suitable POP chain exists in another installed plugin/theme.
Likely Case
No immediate impact unless the site has vulnerable plugins/themes with POP chains; most sites will see no effect until additional vulnerable components are present.
If Mitigated
Limited to no impact if no POP chain exists in installed plugins/themes, though the vulnerability still provides an attack surface.
🎯 Exploit Status
Exploitation requires finding or crafting a suitable POP chain from other installed components; no known POP chains exist in tagDiv Composer itself.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 5.3
Vendor Advisory: https://tagdiv.com/tagdiv-composer-page-builder-basics/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find tagDiv Composer.
4. Click 'Update Now' if an update is available.
5. If no update shows, manually download the latest version from the WordPress repository and replace the plugin files.
🔧 Temporary Workarounds
Disable tagDiv Composer Plugin
Temporarily deactivate the vulnerable plugin until patched
🧯 If You Can't Patch
- Disable or remove the tagDiv Composer plugin immediately
- Audit and remove any unnecessary plugins/themes that might contain POP chains
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for tagDiv Composer version 5.3 or lower
Check Version:
wp plugin list --name=tagdiv-composer --field=version
Verify Fix Applied:
Verify tagDiv Composer plugin version is higher than 5.3 in WordPress admin
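The version checks above compare against the "up to 5.3 affected / higher than 5.3 fixed" boundary, and a naive string comparison gets this wrong ("5.10" sorts before "5.3" as text, "5.3.0" is not equal to "5.3"). The following is an added example, not part of this advisory or of tagDiv's own tooling: it parses the JSON that `wp plugin list --format=json` prints (the sample output below is constructed, and the plugin slug `tagdiv-composer` is taken from the wp-cli command above) and decides numerically whether the installed version is within the affected range.

```python
import json
import re

# Boundary stated in this advisory: versions up to and including 5.3 are affected.
VULNERABLE_MAX = (5, 3)
PLUGIN_SLUG = "tagdiv-composer"  # slug used by the wp-cli command in this advisory


def parse_version(text: str) -> tuple:
    """Turn '5.3', '5.3.0' or '5.10.2' into a comparable tuple of ints.
    Trailing zeros are dropped so that 5.3.0 compares equal to 5.3."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def is_vulnerable(version: str) -> bool:
    """True when the version is 5.3 or lower (numeric, not lexical, comparison)."""
    return parse_version(version) <= VULNERABLE_MAX


def check_plugin_list(wp_json: str, slug: str = PLUGIN_SLUG) -> dict:
    """Evaluate the output of `wp plugin list --format=json` for the given slug.
    Returns {'installed': bool, 'version': str|None, 'vulnerable': bool, 'status': str|None}."""
    for entry in json.loads(wp_json):
        if entry.get("name") == slug:
            version = entry.get("version", "")
            return {
                "installed": True,
                "version": version,
                "status": entry.get("status"),
                "vulnerable": is_vulnerable(version),
            }
    return {"installed": False, "version": None, "status": None, "vulnerable": False}


# Constructed sample of `wp plugin list --format=json` output (not captured from a real site).
SAMPLE_WP_OUTPUT = json.dumps([
    {"name": "example-plugin", "status": "active", "update": "none", "version": "2.1.4"},
    {"name": "tagdiv-composer", "status": "active", "update": "available", "version": "5.3"},
])

if __name__ == "__main__":
    print(check_plugin_list(SAMPLE_WP_OUTPUT))
```

Feed it the real output with `wp plugin list --format=json | python3 check.py` (reading stdin instead of the constructed sample); a result with `vulnerable: True` and `status: active` is the case the "If You Can't Patch" section addresses.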
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to WordPress containing PHP object serialization data
- Unexpected plugin activation/deactivation logs
Network Indicators:
- HTTP requests with serialized PHP objects in parameters targeting WordPress
SIEM Query:
source="wordpress.log" AND ("tagdiv" OR "td-composer") AND ("unserialize" OR "php_object")
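The log and network indicators above come down to one observable: a serialized PHP object (`O:<len>:"<class>":<n>:{...}`) arriving in a request parameter. The following is an added example, not code from this advisory or from tagDiv: it scans constructed log lines (a made-up format that records the request line plus the URL-encoded body, as a WAF or reverse-proxy audit log might) for that pattern, URL-decoding first and requiring the declared length to match the class name as PHP's own `serialize()` emits it, which drops accidental lookalikes. The `plugin_related` flag reuses the two strings from the SIEM query above; the paths and parameter names in the samples are constructed.

```python
import re
from urllib.parse import unquote_plus

# Constructed log format (not any product's real format):
# ip ident user [timestamp] "METHOD target HTTP/x" status size "urlencoded-body-or-empty"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<body>[^"]*)"$'
)
# Header of a serialized PHP object: O:<len>:"<class>":<property count>:{
OBJ_RE = re.compile(r'O:(\d+):"([A-Za-z_\\][A-Za-z0-9_\\]*)":(\d+):\{')
PLUGIN_MARKERS = ("tagdiv", "td-composer")  # strings from the SIEM query in this advisory


def php_objects_in(text: str) -> list:
    """Return class names of serialized PHP objects found in text after URL decoding.
    Only headers whose declared length equals the class-name byte length are reported;
    PHP always serializes with the exact length, so mismatches are not real objects."""
    decoded = unquote_plus(text)
    found = []
    for m in OBJ_RE.finditer(decoded):
        declared, cls = int(m.group(1)), m.group(2)
        if declared == len(cls.encode()):
            found.append(cls)
    return found


def scan_log(lines) -> list:
    """Return one finding per request that carries a serialized PHP object
    in its query string or body."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than guess
        path, _, query = m.group("target").partition("?")
        classes = php_objects_in(query) + php_objects_in(m.group("body"))
        if classes:
            findings.append({
                "ip": m.group("ip"),
                "method": m.group("method"),
                "path": path,
                "classes": classes,
                "plugin_related": any(k in line.lower() for k in PLUGIN_MARKERS),
            })
    return findings


# Constructed sample lines; addresses are documentation ranges, payloads are harmless.
SAMPLE_LOG = [
    # object in a GET parameter: O:8:"stdClass":0:{}
    '198.51.100.7 - - [01/Jan/2025:10:00:00 +0000] "GET /?page_id=2&data=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D HTTP/1.1" 200 512 ""',
    # ordinary login POST, no serialized data
    '198.51.100.8 - - [01/Jan/2025:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "log=alice&pwd=hunter2"',
    # object nested inside a serialized array in a POST body, request mentions td-composer
    '203.0.113.4 - - [01/Jan/2025:10:01:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 1024 '
    '"action=td-composer&payload=a%3A1%3A%7Bi%3A0%3BO%3A13%3A%22Example_Class%22%3A1%3A%7Bs%3A4%3A%22path%22%3Bs%3A10%3A%22%2Ftmp%2Fx.txt%22%3B%7D%7D"',
    # lookalike with a wrong declared length (9 for a 3-byte name): not a PHP object
    '192.0.2.9 - - [01/Jan/2025:10:02:00 +0000] "GET /?q=O%3A9%3A%22abc%22%3A0%3A%7B HTTP/1.1" 200 300 ""',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f)
```

Two of the four sample lines are reported (the `stdClass` GET and the nested `Example_Class` POST); the login and the length-mismatched lookalike are not. Because the object instantiation this advisory describes only becomes harmful through a POP chain in some other installed component, the class names in the findings are the useful triage field: a class that belongs to an installed plugin or theme is what to investigate first.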