CVE-2024-13687
📋 TL;DR
The Team Builder WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to modify plugin settings. This affects all WordPress sites using plugin versions 1.3 and earlier. Attackers can change configuration options without proper permissions.
💻 Affected Systems
- Team Builder – Meet the Team WordPress Plugin
📦 What is this software?
Team Builder by Webdevocean
⚠️ Risk & Real-World Impact
Worst Case
Attackers could disable security features, modify team display settings to inject malicious content, or disrupt website functionality by changing critical plugin configurations.
Likely Case
Low-privileged users could alter team member information, change display settings, or modify plugin behavior in ways that could enable further attacks or defacement.
If Mitigated
With proper user role management and monitoring, impact is limited to minor configuration changes that can be reverted by administrators.
🎯 Exploit Status
Exploitation requires an authenticated account but is technically simple: a crafted request to the vulnerable endpoint is sufficient.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check WordPress plugin repository for version >1.3
Vendor Advisory: https://plugins.trac.wordpress.org/browser/team-display/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins.
3. Find 'Team Builder – Meet the Team'.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and remove the plugin.
🔧 Temporary Workarounds
Remove Subscriber Role Access
Temporarily restrict Subscriber role users from accessing the site while maintaining higher-privilege user access.
Use WordPress role management plugins or custom code to restrict Subscriber access
Deactivate Plugin
Temporarily disable the vulnerable plugin until a patched version is available.
wp plugin deactivate team-display
🧯 If You Can't Patch
- Implement web application firewall rules to block requests to the vulnerable save_team_builder_options() endpoint
- Monitor and audit plugin setting changes and investigate any unauthorized modifications
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Team Builder – Meet the Team. If version is 1.3 or lower, you are vulnerable.
Check Version:
wp plugin get team-display --field=version
Verify Fix Applied:
After updating, verify that the plugin version is higher than 1.3. Then, using a Subscriber-level test account, confirm that the save_team_builder_options action rejects the request.
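The version check above is easy to get wrong with a plain string comparison ("1.10" sorts below "1.3" as text). The following is an added example, not part of this advisory or the plugin, that compares the installed version numerically against the last vulnerable release (1.3, as stated above); the wp-cli call it wraps is the one shown in the Check Version step, and the plugin slug team-display is taken from that command.

```python
import subprocess

# Last release the advisory lists as vulnerable; anything numerically higher is considered fixed.
LAST_VULNERABLE = (1, 3)

def parse_version(version):
    """Turn '1.10.2' into (1, 10, 2) so comparison is numeric, not lexical.

    A non-numeric suffix such as '1.4-beta1' is truncated to its leading digits,
    giving (1, 4); anything after a component with no digits is ignored.
    """
    parts = []
    for piece in version.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)

def is_vulnerable(version):
    """True when the installed version is 1.3 or lower (tuple comparison handles 1.10 correctly)."""
    return parse_version(version) <= LAST_VULNERABLE

def installed_version(slug="team-display"):
    """Ask wp-cli for the installed plugin version (same command as in the Check Version step)."""
    out = subprocess.run(
        ["wp", "plugin", "get", slug, "--field=version"],
        check=True, capture_output=True, text=True,
    )
    return out.stdout.strip()

if __name__ == "__main__":
    v = installed_version()
    status = "VULNERABLE" if is_vulnerable(v) else "patched"
    print(f"team-display {v}: {status}")
```

Run it from the WordPress root (or pass --path to wp via your environment) on a host where wp-cli is installed; the version logic itself has no dependencies and can be reused in an inventory script across many sites.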
📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=save_team_builder_options from low-privilege users
- Unauthorized plugin setting changes in WordPress logs
Network Indicators:
- HTTP POST requests containing team_builder_options parameters from non-admin users
SIEM Query:
source="wordpress" AND (uri_path="/wp-admin/admin-ajax.php" AND post_data CONTAINS "save_team_builder_options") AND user_role="subscriber"
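The SIEM query above expresses the detection logic in one line; the script below is an added example (not part of this advisory) that applies the same logic to request logs offline. It goes slightly beyond the query: it flags any user whose role is not administrator (not only subscriber), treats unauthenticated or unknown users as suspicious, and also catches the action when it is passed in the query string rather than the POST body. The JSON log format, the field names, the user names and the user-to-role map are all constructed for the example; the endpoint, action name and parameter name come from the advisory.

```python
import json
from urllib.parse import parse_qs, urlsplit

AJAX_PATH = "/wp-admin/admin-ajax.php"
VULN_ACTION = "save_team_builder_options"
# Assumption: only administrators are expected to change plugin settings.
TRUSTED_ROLES = {"administrator"}

# Constructed sample records (not real logs). The field names mirror the SIEM query
# above; a request logger that records the authenticated WordPress user and the POST
# body is assumed.
SAMPLE_LOG = """
{"ts":"2025-01-10T10:00:01Z","method":"POST","uri_path":"/wp-admin/admin-ajax.php","user":"alice","post_data":"action=save_team_builder_options&team_builder_options%5Bcolumns%5D=4"}
{"ts":"2025-01-10T10:00:05Z","method":"POST","uri_path":"/wp-admin/admin-ajax.php","user":"admin","post_data":"action=save_team_builder_options&team_builder_options%5Bcolumns%5D=3"}
{"ts":"2025-01-10T10:00:09Z","method":"POST","uri_path":"/wp-admin/admin-ajax.php","user":"alice","post_data":"action=heartbeat&_nonce=abc"}
{"ts":"2025-01-10T10:00:12Z","method":"GET","uri_path":"/wp-admin/admin-ajax.php?action=save_team_builder_options","user":"bob","post_data":""}
{"ts":"2025-01-10T10:00:15Z","method":"POST","uri_path":"/wp-admin/admin-ajax.php","user":"","post_data":"action=save_team_builder_options"}
"""

# Constructed user-to-role map, standing in for a lookup against the site's user table.
SAMPLE_ROLES = {"alice": "subscriber", "bob": "subscriber", "admin": "administrator"}

def extract_action(record):
    """Return the admin-ajax 'action' value from the query string or POST body, or None
    if the request did not target admin-ajax.php or carried no action."""
    parts = urlsplit(record.get("uri_path", ""))
    if parts.path != AJAX_PATH:
        return None
    for source in (parts.query, record.get("post_data", "")):
        action = parse_qs(source).get("action")
        if action:
            return action[0]
    return None

def classify(record, roles):
    """Return a finding when a non-trusted (or unknown/anonymous) user invoked the
    vulnerable settings-save action; otherwise None."""
    if extract_action(record) != VULN_ACTION:
        return None
    user = record.get("user") or "<anonymous>"
    role = roles.get(user, "<unknown>")
    if role in TRUSTED_ROLES:
        return None
    return {"ts": record["ts"], "user": user, "role": role, "method": record.get("method")}

def find_suspicious(log_text, roles):
    """Parse newline-delimited JSON records and return all findings in log order."""
    findings = []
    for line in log_text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        finding = classify(json.loads(line), roles)
        if finding:
            findings.append(finding)
    return findings

if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG, SAMPLE_ROLES):
        print(f"{f['ts']} {f['method']} by {f['user']} ({f['role']}) -> {VULN_ACTION}")
```

On the constructed sample the administrator's legitimate save and the unrelated heartbeat call are ignored, while the subscriber's POST, the subscriber's GET with the action in the query string, and the unauthenticated request are reported. Every finding from a real log should be correlated with the plugin's settings change history, since a successful save by a non-administrator is exactly the behaviour this CVE permits.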