CVE-2024-1755
📋 TL;DR
The NPS computy WordPress plugin through version 2.7.5 lacks Cross-Site Request Forgery (CSRF) protection on certain endpoints, allowing attackers to trick authenticated users into performing unintended actions. This affects WordPress sites using the vulnerable plugin version. Attackers could manipulate user accounts or modify site settings without the user's knowledge.
💻 Affected Systems
- NPS computy WordPress plugin
📦 What is this software?
Nps Computy by Computy
⚠️ Risk & Real-World Impact
Worst Case
Attackers could compromise administrator accounts, modify site content, install malicious plugins/themes, or take full control of the WordPress site.
Likely Case
Attackers could manipulate user profiles, change settings, or perform actions within the plugin's functionality that the authenticated user has permission to do.
If Mitigated
With proper CSRF tokens and validation, requests would be rejected unless they originate from legitimate user sessions with valid tokens.
🎯 Exploit Status
Exploitation requires tricking an authenticated user into visiting a malicious page. No authentication bypass is needed beyond the victim's existing session.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.7.6 or later
Vendor Advisory: https://wpscan.com/vulnerability/481a376b-55be-4afa-94f5-c3cf8a88b8d1/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the 'NPS computy' plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download the latest version from the WordPress repository and update manually.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the NPS computy plugin until it is patched.
wp plugin deactivate nps-computy
Implement web application firewall rules
Configure the WAF to block CSRF attempts targeting the plugin's endpoints.
🧯 If You Can't Patch
- Restrict plugin access to trusted users only and implement additional authentication for sensitive actions
- Monitor WordPress logs for unusual POST requests to plugin endpoints and implement rate limiting
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for the NPS computy version. If the version is 2.7.5 or earlier, the site is vulnerable.
Check Version:
wp plugin get nps-computy --field=version
Verify Fix Applied:
Verify plugin version is 2.7.6 or later in WordPress admin panel. Test plugin functionality to ensure CSRF protection is working.
📡 Detection & Monitoring
Log Indicators:
- Multiple POST requests to NPS computy plugin endpoints from same IP with different user agents
- Unusual plugin actions performed by users without corresponding page views
Network Indicators:
- HTTP requests to plugin endpoints without Referer headers or with external origins
- POST requests containing plugin-specific parameters from unexpected sources
SIEM Query:
source="wordpress.log" AND (uri_path="/wp-admin/admin-ajax.php" OR uri_path CONTAINS "nps-computy") AND http_method="POST" AND NOT referer CONTAINS domain
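The SIEM query above expressed as runnable detection logic over web-server access logs, added here as an example and not part of the original advisory: it flags POST requests to admin-ajax.php or any path containing "nps-computy" whose Referer is missing or points at a host other than the site's own. The log lines, IP addresses and the "nps-computy" admin page path are constructed for illustration; the site host "example.org" is an assumed parameter.

```python
import re
from urllib.parse import urlparse

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 51 "https://example.org/wp-admin/admin.php?page=nps-computy" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:12:00:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 51 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2024:12:00:03 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 51 "https://attacker.invalid/lure.html" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2024:12:00:04 +0000] "GET /wp-admin/admin.php?page=nps-computy HTTP/1.1" 200 912 "-" "Mozilla/5.0"
192.0.2.7 - - [10/Mar/2024:12:00:05 +0000] "POST /wp-admin/admin.php?page=nps-computy HTTP/1.1" 302 0 "https://evil.invalid/" "curl/8.0"
"""

# Combined log format: ip ident user [ts] "METHOD path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def is_plugin_endpoint(path: str) -> bool:
    # Mirrors the query: admin-ajax.php or anything mentioning the plugin slug.
    return path.startswith("/wp-admin/admin-ajax.php") or "nps-computy" in path


def classify_referer(referer: str, site_host: str) -> str:
    # "-" is how combined logs record an absent Referer header.
    if referer in ("", "-"):
        return "missing"
    host = urlparse(referer).hostname or ""
    return "same-origin" if host.lower() == site_host.lower() else "external"


def find_suspicious_posts(log_text: str, site_host: str) -> list:
    """Return POSTs to plugin endpoints whose Referer is missing or external."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or not is_plugin_endpoint(m["path"]):
            continue
        verdict = classify_referer(m["referer"], site_host)
        if verdict != "same-origin":
            hits.append({"ip": m["ip"], "path": m["path"],
                         "referer": m["referer"], "reason": verdict})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_posts(SAMPLE_LOG, "example.org"):
        print(hit)
```

A missing Referer is only a triage signal, since browsers and Referrer-Policy settings can strip it from legitimate requests; correlate flagged entries with the user's preceding page views before treating them as CSRF.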