CVE-2024-13694
📋 TL;DR
This vulnerability allows unauthenticated attackers to access wishlist data they shouldn't have permission to view via an insecure direct object reference in the WooCommerce Wishlist plugin. All WordPress sites using this plugin up to version 1.8.7 are affected. Attackers can extract sensitive wishlist information without authentication.
💻 Affected Systems
- WooCommerce Wishlist (Smart Wishlist for More Convert) WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could extract all wishlist data from the site, potentially exposing customer information, product preferences, and private lists, leading to data breach and privacy violations.
Likely Case
Attackers will extract random wishlist data they can access through the vulnerability, potentially exposing some customer information and shopping preferences.
If Mitigated
With proper access controls and validation, only authorized users can access their own wishlist data, preventing unauthorized data extraction.
🎯 Exploit Status
The vulnerability requires no authentication and involves manipulating parameters in the download_pdf_file() function.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 1.8.8 or later
Vendor Advisory: https://wordpress.org/plugins/smart-wishlist-for-more-convert/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the 'WooCommerce Wishlist' plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 1.8.8+ from the WordPress repository and replace the plugin files.
🔧 Temporary Workarounds
Disable PDF Export Feature
Temporarily disable the PDF export functionality that contains the vulnerable download_pdf_file() function.
🧯 If You Can't Patch
- Disable the WooCommerce Wishlist plugin entirely until patched
- Implement web application firewall rules to block requests to the vulnerable endpoint
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for WooCommerce Wishlist version. If version is 1.8.7 or lower, you are vulnerable.
Check Version:
wp plugin list --name='smart-wishlist-for-more-convert' --field=version
Verify Fix Applied:
After updating, verify plugin version shows 1.8.8 or higher in WordPress admin panel.
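The version check above is easy to get wrong in automation: comparing version strings lexically ranks 1.8.10 below 1.8.8. The following script is an added example, not part of the advisory or the plugin, that wraps the advisory's wp-cli command in a numeric comparison. It assumes `wp` is on PATH and is run from the WordPress root (or with `--path=...` added); the slug and fixed version come from the advisory.

```python
import re
import subprocess

PLUGIN_SLUG = "smart-wishlist-for-more-convert"
FIXED_VERSION = "1.8.8"  # first release carrying the fix, per the advisory


def parse_version(version):
    """Turn '1.8.7' (or 'v1.8.8-beta1') into a tuple of ints so that
    1.8.10 compares greater than 1.8.8; plain string comparison gets this wrong."""
    m = re.match(r"^\s*v?(\d+(?:\.\d+)*)", version)
    if m is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version):
    """True when the installed version is older than the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def installed_version():
    """Ask WP-CLI for the installed plugin version, as the advisory's check does.
    Returns None when the plugin is not installed (WP-CLI then prints nothing).
    Assumption: the wp binary is on PATH and the cwd is the WordPress root."""
    result = subprocess.run(
        ["wp", "plugin", "list", f"--name={PLUGIN_SLUG}", "--field=version"],
        capture_output=True, text=True, check=True,
    )
    version = result.stdout.strip()
    return version or None


if __name__ == "__main__":
    version = installed_version()
    if version is None:
        print(f"{PLUGIN_SLUG}: not installed")
    elif is_vulnerable(version):
        print(f"{PLUGIN_SLUG} {version}: VULNERABLE, update to {FIXED_VERSION} or later")
    else:
        print(f"{PLUGIN_SLUG} {version}: patched")
```

`is_vulnerable` can be fed the version read from the admin panel as well; only `installed_version` needs WP-CLI.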
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to wishlist PDF download endpoints
- Multiple failed or successful requests to /wp-content/plugins/smart-wishlist-for-more-convert/ with wishlist ID parameters
Network Indicators:
- HTTP requests to wishlist PDF download functionality with manipulated parameters
- Unusual traffic to wishlist-related endpoints from unauthenticated users
SIEM Query:
source="wordpress" AND (uri="/wp-content/plugins/smart-wishlist-for-more-convert/" AND (method="GET" OR method="POST") AND parameters CONTAINS "wishlist_id")
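The SIEM query above finds every request carrying a wishlist ID, which on a busy shop includes legitimate shoppers opening their own lists. What distinguishes exploitation is one client requesting many different IDs, typically in sequence. The script below is an added example, not part of the advisory or the plugin: it parses web-server access logs in the common "combined" format and flags clients that request at least five distinct `wishlist_id` values under the plugin path. The path prefix and parameter name are taken from the advisory's SIEM query; the real request path used by the vulnerable handler may differ (assumption), and since access logs record neither cookies nor POST bodies, the script cannot tell authenticated from unauthenticated clients and only sees IDs passed in the query string. The log lines are constructed sample data.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Path prefix and parameter name as used in the advisory's SIEM query.
# Assumption: the vulnerable handler is reached under this prefix.
PLUGIN_PATH = "/wp-content/plugins/smart-wishlist-for-more-convert/"
ID_PARAM = "wishlist_id"

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample: 198.51.100.7 walks IDs 101..107 (the last one missing);
# 203.0.113.5 is an ordinary shopper opening a single list and browsing the shop.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jan/2025:12:00:01 +0000] "GET /wp-content/plugins/smart-wishlist-for-more-convert/?wishlist_id=101 HTTP/1.1" 200 5120 "-" "curl/8.4.0"',
    '198.51.100.7 - - [10/Jan/2025:12:00:02 +0000] "GET /wp-content/plugins/smart-wishlist-for-more-convert/?wishlist_id=102 HTTP/1.1" 200 4980 "-" "curl/8.4.0"',
    '203.0.113.5 - - [10/Jan/2025:12:00:02 +0000] "GET /shop/ HTTP/1.1" 200 22310 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2025:12:00:03 +0000] "GET /wp-content/plugins/smart-wishlist-for-more-convert/?wishlist_id=103 HTTP/1.1" 200 5011 "-" "curl/8.4.0"',
    '198.51.100.7 - - [10/Jan/2025:12:00:04 +0000] "GET /wp-content/plugins/smart-wishlist-for-more-convert/?wishlist_id=104 HTTP/1.1" 200 5333 "-" "curl/8.4.0"',
    '203.0.113.5 - - [10/Jan/2025:12:00:05 +0000] "GET /wp-content/plugins/smart-wishlist-for-more-convert/?wishlist_id=7 HTTP/1.1" 200 4870 "https://shop.example/wishlist/" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2025:12:00:05 +0000] "GET /wp-content/plugins/smart-wishlist-for-more-convert/?wishlist_id=105 HTTP/1.1" 200 5102 "-" "curl/8.4.0"',
    '198.51.100.7 - - [10/Jan/2025:12:00:06 +0000] "GET /wp-content/plugins/smart-wishlist-for-more-convert/?wishlist_id=106 HTTP/1.1" 200 5090 "-" "curl/8.4.0"',
    '198.51.100.7 - - [10/Jan/2025:12:00:07 +0000] "GET /wp-content/plugins/smart-wishlist-for-more-convert/?wishlist_id=107 HTTP/1.1" 404 312 "-" "curl/8.4.0"',
    'this line is truncated garbage and must be skipped',
]


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    rec["query"] = parse_qs(url.query)
    rec["status"] = int(rec["status"])
    return rec


def wishlist_requests(lines):
    """Yield parsed requests under the plugin path that carry a wishlist_id
    query parameter. IDs sent in a POST body are not in access logs."""
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(PLUGIN_PATH):
            continue
        ids = rec["query"].get(ID_PARAM)
        if not ids:
            continue
        rec["wishlist_id"] = ids[0]
        yield rec


def find_enumeration(lines, threshold=5):
    """Group wishlist requests by client IP and flag clients that asked for at
    least `threshold` distinct IDs. Returns {ip: summary}. A production version
    would also bucket by time window and by a session cookie if the log has one."""
    per_ip = defaultdict(list)
    for rec in wishlist_requests(lines):
        per_ip[rec["ip"]].append(rec)

    alerts = {}
    for ip, recs in per_ip.items():
        ids = sorted({r["wishlist_id"] for r in recs})
        if len(ids) < threshold:
            continue
        numeric = sorted(int(i) for i in ids if i.isdigit())
        steps = [b - a for a, b in zip(numeric, numeric[1:])]
        # "Sequential" when most consecutive requested IDs differ by exactly one,
        # the signature of a client walking the ID space rather than opening its own list.
        sequential = bool(steps) and sum(s == 1 for s in steps) / len(steps) >= 0.8
        alerts[ip] = {
            "requests": len(recs),
            "distinct_ids": len(ids),
            "served": sum(1 for r in recs if r["status"] == 200),  # lists actually returned
            "sequential": sequential,
            "first_seen": recs[0]["ts"],
            "last_seen": recs[-1]["ts"],
        }
    return alerts


if __name__ == "__main__":
    for ip, summary in find_enumeration(SAMPLE_LOG).items():
        print(ip, summary)
```

The `served` count is the number of lists that were actually returned, which is what matters for breach scoping after the fact; the `sequential` flag separates an ID walk from a shared NAT address behind which several real customers open their own lists.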
🔗 References
- https://plugins.trac.wordpress.org/browser/smart-wishlist-for-more-convert/trunk/includes/class-wlfmc-form-handler.php#L607
- https://plugins.trac.wordpress.org/browser/smart-wishlist-for-more-convert/trunk/includes/class-wlfmc-wishlist.php#L529
- https://plugins.trac.wordpress.org/changeset/3229758/
- https://wordpress.org/plugins/smart-wishlist-for-more-convert/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/59fe7630-ab94-419f-aca5-39b74d86ae4e?source=cve