CVE-2024-1862
📋 TL;DR
This vulnerability in the WooCommerce Add to Cart Custom Redirect plugin allows authenticated attackers with contributor-level access or higher to modify arbitrary site options, potentially leading to data loss or unauthorized configuration changes. It affects all WordPress sites using vulnerable versions of this plugin.
💻 Affected Systems
- WooCommerce Add to Cart Custom Redirect plugin for WordPress
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could modify critical WordPress options like site URL, admin email, or plugin settings, causing site disruption, data loss, or enabling further attacks.
Likely Case
Attackers with contributor access could disable security notices, modify plugin settings, or disrupt site functionality by changing configuration options.
If Mitigated
With proper access controls and monitoring, impact is limited to minor configuration changes that can be detected and reverted.
🎯 Exploit Status
Exploitation requires authenticated access, but is technically simple once such access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.14
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find 'WooCommerce Add to Cart Custom Redirect'
4. Click 'Update Now' if available
5. If not available, download version 1.2.14 from WordPress repository and manually update
🔧 Temporary Workarounds
Remove vulnerable plugin
Temporarily disable or remove the vulnerable plugin until patched
wp plugin deactivate woocommerce-add-to-cart-custom-redirect
wp plugin delete woocommerce-add-to-cart-custom-redirect
Restrict user roles
Limit contributor and author roles to trusted users only
🧯 If You Can't Patch
- Disable the plugin entirely until patched
- Implement strict access controls and monitor user activity logs
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'WooCommerce Add to Cart Custom Redirect' version 1.2.13 or lower
Check Version:
wp plugin get woocommerce-add-to-cart-custom-redirect --field=version
Verify Fix Applied:
Verify plugin version shows 1.2.14 or higher in WordPress admin panel
📡 Detection & Monitoring
Log Indicators:
- WordPress admin actions from contributor users modifying site options
- Plugin-specific function calls to 'wcr_dismiss_admin_notice'
Network Indicators:
- POST requests to admin-ajax.php or admin-post.php with suspicious parameters
SIEM Query:
source="wordpress" action="option_update" (user_role="contributor" OR user_role="author")
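WordPress does not log option changes by itself, so the "contributor modifying site options" indicator above only exists if something produces it. The following must-use plugin is an added example (not code from the advisory or from the WooCommerce Add to Cart Custom Redirect plugin) that emits one JSON log line whenever an authenticated user without the manage_options capability creates or updates an option; the sensitive-option list and the log prefix are assumptions you should adapt to your site.

```php
<?php
/**
 * Plugin Name: Option Change Monitor (added example, not part of the advisory)
 * Description: Logs option writes by users lacking manage_options so a SIEM can
 *              alert on the indicator described in the advisory.
 * Install as: wp-content/mu-plugins/option-change-monitor.php
 */

// Options whose change by a low-privilege user is treated as high severity.
// Assumption: illustrative list; extend it for your deployment.
const OCM_SENSITIVE_OPTIONS = [
    'siteurl', 'home', 'admin_email', 'users_can_register',
    'default_role', 'active_plugins',
];

// updated_option passes ($option, $old_value, $value); added_option passes ($option, $value).
add_action( 'updated_option', 'ocm_log_option_write', 10, 3 );
add_action( 'added_option', function ( $option, $value ) {
    ocm_log_option_write( $option, null, $value );
}, 10, 2 );

function ocm_log_option_write( $option, $old_value, $value ) {
    // Administrators are expected to change options; unauthenticated requests
    // are out of scope for this advisory, so only log other logged-in users.
    if ( ! is_user_logged_in() || current_user_can( 'manage_options' ) ) {
        return;
    }
    $user  = wp_get_current_user();
    $entry = [
        'event'     => 'option_update',
        'severity'  => in_array( $option, OCM_SENSITIVE_OPTIONS, true ) ? 'HIGH' : 'MEDIUM',
        'option'    => $option,
        'user'      => $user->user_login,
        'user_role' => implode( ',', $user->roles ),
        // The WordPress "action" request parameter identifies the AJAX/admin-post handler.
        'action'    => isset( $_REQUEST['action'] ) ? sanitize_key( $_REQUEST['action'] ) : '',
        'uri'       => isset( $_SERVER['REQUEST_URI'] ) ? esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : '',
        'ip'        => isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '',
    ];
    // One JSON object per line (prefix is an assumption) so the SIEM query above can parse it.
    error_log( 'wp-option-monitor ' . wp_json_encode( $entry ) );
}
```

This hook observes and logs only; blocking writes via pre_update_option would also interrupt legitimate plugin flows that run under low-privilege users, so prefer patching plus alerting on the HIGH-severity entries.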
🔗 References
- https://plugins.trac.wordpress.org/browser/woocommerce-add-to-cart-custom-redirect/tags/1.2.13/woocommerce-custom-redirect.php#L204
- https://plugins.trac.wordpress.org/changeset?old_path=/woocommerce-add-to-cart-custom-redirect/tags/1.2.13&old=3047408&new_path=/woocommerce-add-to-cart-custom-redirect/tags/1.2.14&new=3047408&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/36c6a116-37cc-4ade-b601-5f9d6aaf9217?source=cve