CVE-2024-13703
📋 TL;DR
The plugin's vcita_ajax_toggle_ae AJAX handler is missing a capability (authorization) check, so any authenticated WordPress user with Subscriber-level access or higher can enable or disable the plugin's widgets. It affects every WordPress site running the CRM and Lead Management by vcita plugin up to and including version 2.7.1. An attacker can disrupt the plugin's functionality but gains no direct access to sensitive data.
💻 Affected Systems
- CRM and Lead Management by vcita WordPress plugin
📦 What is this software?
A WordPress plugin from vcita that adds lead-capture and customer-management (CRM) widgets to a site; those widgets are what this flaw lets low-privilege users switch on and off.
⚠️ Risk & Real-World Impact
Worst Case
Malicious users could disable critical CRM widgets, disrupting lead capture and customer management functions, potentially causing business impact.
Likely Case
Low-privilege users could toggle widget visibility, causing minor interface disruptions but no data compromise.
If Mitigated
With proper user role management and monitoring, impact is limited to temporary widget visibility changes.
🎯 Exploit Status
Exploitation requires only a valid WordPress account (the Subscriber role is enough, and it is the default role a self-registered user receives where open registration is enabled) plus a crafted request to /wp-admin/admin-ajax.php with action=vcita_ajax_toggle_ae. This is a missing authorization check, not an authentication bypass: the handler runs for any logged-in user instead of verifying a capability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.7.2 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'CRM and Lead Management by vcita'.
4. Click 'Update Now' if available, or manually update to version 2.7.2 or later.
5. Verify the plugin is active and functioning.
🔧 Temporary Workarounds
Remove vulnerable plugin
Temporarily deactivate or remove the plugin until it can be patched. A deactivated plugin registers no AJAX handlers, so the vulnerable action stops being reachable. With wp-cli, from the site root:
wp plugin deactivate crm-customer-relationship-management-by-vcita
wp plugin delete crm-customer-relationship-management-by-vcita
Restrict user roles
Limit who can hold Subscriber-level accounts: turn off open registration (Settings > General, 'Anyone can register') if it is not needed, and review existing low-privilege accounts. This shrinks the attacker pool but does not fix the missing check.
🧯 If You Can't Patch
- Disable the vcita plugin entirely until patching is possible
- Add a web application firewall rule for requests to /wp-admin/admin-ajax.php whose action parameter is vcita_ajax_toggle_ae (check both the query string and the POST body, since admin-ajax.php accepts either). Blocking it for everyone also blocks administrators from toggling widgets, so either scope the rule to non-administrator sessions if your WAF can see the user, or accept that legitimate toggling is unavailable while the rule is in place.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > CRM and Lead Management by vcita. If version is 2.7.1 or lower, you are vulnerable.
Check Version:
wp plugin get crm-customer-relationship-management-by-vcita --field=version
Verify Fix Applied:
After updating, verify plugin version shows 2.7.2 or higher in WordPress admin.
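When more than one site is involved, the version check is quicker to run from each site's `wp plugin list --format=json` output than from the dashboard. The script below is an added example, not part of this page or of vcita's tooling: it parses that JSON, compares versions numerically (as plain strings "2.7.10" sorts before "2.7.2", which is exactly the wrong answer here), and reports whether the plugin is installed, active, and below the fixed release. The plugin slug is the one used in the wp-cli commands above; the three sample outputs are constructed, not captured from real sites.

```python
import json
import re

PLUGIN_SLUG = "crm-customer-relationship-management-by-vcita"
FIXED_VERSION = (2, 7, 2)  # first release with the capability check, per the advisory


def parse_version(version):
    """Return a numeric (major, minor, patch) tuple. Missing components count
    as 0 and trailing suffixes such as '-beta' are ignored."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def is_vulnerable(version):
    # Compare numerically: as plain strings "2.7.10" < "2.7.2" is True.
    return parse_version(version) < FIXED_VERSION


def triage(plugin_list_json):
    """Classify one site from its `wp plugin list --format=json` output."""
    result = {"installed": False, "active": False, "version": None, "vulnerable": False}
    for plugin in json.loads(plugin_list_json):
        if plugin.get("name") != PLUGIN_SLUG:
            continue
        result["installed"] = True
        # Status is "active" or "active-network" when enabled. An inactive copy
        # registers no AJAX handler, but update it before anyone reactivates it.
        result["active"] = plugin.get("status", "").startswith("active")
        result["version"] = plugin.get("version")
        result["vulnerable"] = is_vulnerable(plugin["version"])
        break
    return result


# Constructed sample outputs (not captured from real sites).
SITE_UNPATCHED = json.dumps([
    {"name": "akismet", "status": "inactive", "update": "none", "version": "5.3"},
    {"name": PLUGIN_SLUG, "status": "active", "update": "available", "version": "2.7.1"},
])
SITE_PATCHED = json.dumps([
    {"name": PLUGIN_SLUG, "status": "active", "update": "none", "version": "2.7.10"},
])
SITE_WITHOUT = json.dumps([
    {"name": "akismet", "status": "active", "update": "none", "version": "5.3"},
])

if __name__ == "__main__":
    for label, output in (("unpatched", SITE_UNPATCHED), ("patched", SITE_PATCHED), ("without", SITE_WITHOUT)):
        print(label, triage(output))
```

Feed it the real output with something like `wp plugin list --format=json > site.json` per site and call `triage()` on each file's contents; anything reporting `installed` and `vulnerable` goes on the update list whether or not it is currently active.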
📡 Detection & Monitoring
Log Indicators:
- POST (or GET) requests to /wp-admin/admin-ajax.php with action=vcita_ajax_toggle_ae from accounts that are not administrators. Standard web-server access logs record neither the POST body nor the WordPress user, so this needs an application-level source such as a WordPress activity/audit logging plugin; only the query-string variant of the request is visible in access logs.
- Widget enable/disable changes in the vcita plugin that no administrator made
Network Indicators:
- Requests to admin-ajax.php carrying action=vcita_ajax_toggle_ae from sessions that are not administrators. A network sensor sees the endpoint and any query-string action but not the WordPress role, so correlate with application logs.
SIEM Query (illustrative; field names depend on your logging source, and post_data should be a substring match because the body normally carries other parameters too):
source="wordpress" AND uri="/wp-admin/admin-ajax.php" AND post_data="*action=vcita_ajax_toggle_ae*" AND user_role!="administrator"
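The following is an added example of that detection logic, not code from this page or from vcita. It runs over an application-level request log (one JSON record per request, with the user's role and the POST body) and raises an alert for every vcita_ajax_toggle_ae request not made by an administrator. Two details matter in practice and are handled here: admin-ajax.php reads the action parameter from $_REQUEST, so it may arrive in the query string rather than the body, and WordPress may live in a subdirectory, so the path is matched by suffix. The log format and the sample records are constructed; adapt the field names to whatever your audit logger emits.

```python
import json
from urllib.parse import parse_qs, urlsplit

ACTION = "vcita_ajax_toggle_ae"
AJAX_PATH = "/wp-admin/admin-ajax.php"
# Roles that legitimately manage the plugin; widen if editors are expected to.
TRUSTED_ROLES = {"administrator"}

# Constructed sample log (not real vcita or WordPress output): one JSON record
# per request, as an application-level audit logger might emit. Plain
# web-server access logs carry neither the POST body nor the user role.
SAMPLE_LOG = """\
{"ts": "2025-01-10T09:12:01Z", "user": "siteadmin", "role": "administrator", "method": "POST", "uri": "/wp-admin/admin-ajax.php", "body": "action=vcita_ajax_toggle_ae&widget=contact&enabled=0"}
{"ts": "2025-01-10T09:13:44Z", "user": "newsub", "role": "subscriber", "method": "POST", "uri": "/wp-admin/admin-ajax.php", "body": "action=vcita_ajax_toggle_ae&widget=contact&enabled=0"}
{"ts": "2025-01-10T09:13:50Z", "user": "newsub", "role": "subscriber", "method": "GET", "uri": "/blog/wp-admin/admin-ajax.php?action=vcita_ajax_toggle_ae&widget=contact&enabled=0", "body": ""}
{"ts": "2025-01-10T09:14:02Z", "user": "newsub", "role": "subscriber", "method": "POST", "uri": "/wp-admin/admin-ajax.php", "body": "action=heartbeat&_nonce=0123abcd"}
{"ts": "2025-01-10T09:15:00Z", "user": "", "role": "", "method": "POST", "uri": "/wp-admin/admin-ajax.php", "body": "action=vcita_ajax_toggle_ae&widget=contact&enabled=1"}
"""


def requested_action(uri, body):
    """admin-ajax.php takes 'action' from $_REQUEST, so it may be in the
    query string (GET or POST) or in a form-encoded POST body."""
    query = parse_qs(urlsplit(uri).query)
    if "action" in query:
        return query["action"][0]
    return parse_qs(body or "").get("action", [None])[0]


def is_ajax_endpoint(uri):
    # Suffix match so subdirectory installs (/blog/wp-admin/...) are covered.
    return urlsplit(uri).path.endswith(AJAX_PATH)


def detect(log_text):
    """Return one alert per toggle request that was not made by a trusted role.
    Unauthenticated hits are flagged too: the advisory needs a logged-in user,
    but someone probing the endpoint without a session is still worth a look."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if not is_ajax_endpoint(rec["uri"]):
            continue
        if requested_action(rec["uri"], rec.get("body")) != ACTION:
            continue
        role = rec.get("role") or "unauthenticated"
        if role in TRUSTED_ROLES:
            continue
        alerts.append({
            "ts": rec["ts"],
            "user": rec.get("user") or "-",
            "role": role,
            "method": rec["method"],
        })
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a['ts']} {a['method']} action={ACTION} by {a['user']} ({a['role']})")
```

On the sample above the administrator's request and the subscriber's unrelated heartbeat call pass silently; the two subscriber toggle attempts (one via POST body, one via query string on a subdirectory install) and the unauthenticated attempt are reported.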