CVE-2024-24797

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to perform PHP object injection via deserialization of untrusted data in the ERE Recently Viewed WordPress plugin. Attackers can execute arbitrary code, potentially leading to complete system compromise. All WordPress sites using affected versions of this plugin are vulnerable.

💻 Affected Systems

Products:
  • G5Theme ERE Recently Viewed – Essential Real Estate Add-On WordPress plugin
Versions: All versions up to and including 1.3
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with the plugin enabled are vulnerable. No special configuration required.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete server takeover, data theft, malware deployment, and lateral movement within the network.

🟠 Likely Case

Unauthenticated attackers gain shell access to the web server, install backdoors, deface websites, or steal sensitive data.

🟢 If Mitigated

With proper web application firewalls and intrusion detection, exploitation attempts are blocked and logged, preventing successful attacks.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details available. Attack requires no authentication and minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/ere-recently-viewed/wordpress-ere-recently-viewed-plugin-1-3-unauthenticated-php-object-injection-vulnerability

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins.
3. Find the 'ERE Recently Viewed' plugin.
4. Update to version 1.4 or later.
5. If no update is available, deactivate and delete the plugin immediately.

🔧 Temporary Workarounds

Disable Plugin (applies to: all)

Deactivate the vulnerable plugin to prevent exploitation:

wp plugin deactivate ere-recently-viewed

Web Application Firewall Rule (applies to: all)

Block requests containing serialized PHP object payloads.

🧯 If You Can't Patch

  • Deactivate and remove the ERE Recently Viewed plugin immediately
  • Implement strict WAF rules to block deserialization attacks and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

In the WordPress admin panel, go to Plugins > ERE Recently Viewed and read the version. If the version is 1.3 or earlier, the site is vulnerable.

Check Version:

wp plugin get ere-recently-viewed --field=version

Verify Fix Applied:

Confirm that the plugin version shown in the WordPress admin panel is 1.4 or later, then re-test with a security scanner or by manual validation.
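The version check above can be scripted across many sites by reading the plugin's header comment (the same string `wp plugin get ere-recently-viewed --field=version` returns) and comparing it numerically against the fixed version. The following is an added example, not code from the advisory or from the plugin; the plugin header below is constructed in the generic WordPress header style, and `FIXED_VERSION` is taken from the advisory's stated patch version.

```python
import re

# Constructed sample of a WordPress plugin header (not the real plugin file).
SAMPLE_PLUGIN_HEADER = """<?php
/**
 * Plugin Name: ERE Recently Viewed
 * Description: Example header used only to exercise the parser below.
 * Version: 1.3
 */
"""

# First fixed release according to the advisory.
FIXED_VERSION = "1.4"


def parse_plugin_version(header_text):
    """Extract the 'Version:' field from a WordPress plugin header comment.

    WordPress reads this field from the first 8 KB of the plugin's main file;
    wp-cli reports the same string. Returns None when the field is absent.
    """
    m = re.search(r"^\s*\*?\s*Version:\s*([^\s*]+)", header_text,
                  re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def version_tuple(version):
    """Turn '1.3', '1.10' or '1.4-beta2' into a comparable tuple of ints.

    Plain string comparison gets this wrong ('1.10' < '1.4' lexically), so
    each dot-separated component is reduced to its leading integer.
    """
    parts = []
    for component in version.split("."):
        digits = re.match(r"\d+", component)
        parts.append(int(digits.group(0)) if digits else 0)
    # Pad so that (1, 4) and (1, 4, 0) compare equal.
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_vulnerable(version):
    """True when the installed version is below the first fixed version."""
    return version_tuple(version) < version_tuple(FIXED_VERSION)


def check_plugin_header(header_text):
    """Return (version, vulnerable) for a plugin header; vulnerable is None
    when no version could be read, which should itself be investigated."""
    version = parse_plugin_version(header_text)
    if version is None:
        return None, None
    return version, is_vulnerable(version)


if __name__ == "__main__":
    version, vulnerable = check_plugin_header(SAMPLE_PLUGIN_HEADER)
    print(f"installed version: {version}, vulnerable: {vulnerable}")
```

Feed the function the contents of the plugin's main PHP file (the one under `wp-content/plugins/ere-recently-viewed/`); a result of `(None, None)` means the header could not be parsed and the install should be inspected by hand rather than assumed safe.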

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to WordPress endpoints
  • PHP errors related to unserialize()
  • Unexpected file creation in wp-content/uploads

Network Indicators:

  • HTTP requests with serialized PHP objects in parameters
  • Traffic spikes to vulnerable endpoints

SIEM Query:

source="web_logs" AND (uri_path="*ere-recently-viewed*" OR post_data="*O:*")
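Both the WAF workaround ("block requests containing serialized PHP object payloads") and the SIEM query above hinge on recognising a serialized PHP object in request parameters. The bare `*O:*` wildcard in the query matches any text containing "O:" and will page on ordinary comments, so a practical detector should match the full object grammar (`O:<len>:"<class>":<count>:{`, and `C:` for classes using the Serializable interface) after percent-decoding, including double-encoded values. The script below is an added example and is not part of the advisory or the plugin; the request records are constructed, the `HYPOTHETICAL_ACTION` parameter value is a placeholder, and the only thing taken from the page is the plugin slug `ere-recently-viewed`.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Serialized PHP object grammar: O:<name length>:"<class name>":<property count>:{
# C:... is the equivalent form for classes implementing Serializable, which
# unserialize() also instantiates. Backslash is allowed for namespaced classes.
PHP_OBJECT_RE = re.compile(r'[OC]:\d+:"[A-Za-z0-9_\\]+":\d+:\{')

# Plugin slug as used by the advisory's wp-cli commands.
PLUGIN_SLUG = "ere-recently-viewed"

# Constructed request records (method, URI with query string, urlencoded body).
# These are synthetic test inputs, not captured traffic.
SAMPLE_REQUESTS = [
    # Benign page asset request that merely touches the plugin's path.
    {"method": "GET",
     "uri": "/wp-content/plugins/ere-recently-viewed/assets/js/main.js",
     "body": ""},
    # Benign comment that the naive '*O:*' SIEM wildcard would flag.
    {"method": "POST", "uri": "/wp-comments-post.php",
     "body": "comment=Meet+at+10%3A00+O%3A+the+office"},
    # Harmless stdClass object, single percent-encoding, in a POST body.
    {"method": "POST", "uri": "/wp-admin/admin-ajax.php",
     "body": "action=HYPOTHETICAL_ACTION&data="
             "O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22x%22%3Bi%3A1%3B%7D"},
    # Same object shape, double-encoded, in the query string.
    {"method": "GET",
     "uri": "/?viewed=O%253A8%253A%2522stdClass%2522%253A0%253A%257B%257D",
     "body": ""},
]


def decode_param(value, rounds=2):
    """Percent-decode up to `rounds` times so double-encoded values are seen.
    Stops early once decoding no longer changes the string."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_php_objects(record):
    """Return (location, parameter, matched prefix) for every query or body
    parameter whose decoded value contains a serialized PHP object."""
    hits = []
    sources = [("query", parse_qsl(urlsplit(record["uri"]).query,
                                   keep_blank_values=True))]
    if record.get("body"):
        sources.append(("body", parse_qsl(record["body"],
                                          keep_blank_values=True)))
    for location, pairs in sources:
        for name, value in pairs:          # parse_qsl already decoded once
            match = PHP_OBJECT_RE.search(decode_param(value))
            if match:
                hits.append((location, name, match.group(0)))
    return hits


def triage(records):
    """Classify requests: 'alert' when a serialized object is present,
    'watch' when the request only touches the plugin's path, else 'ok'."""
    results = []
    for rec in records:
        hits = find_php_objects(rec)
        if hits:
            level = "alert"
        elif PLUGIN_SLUG in rec["uri"]:
            level = "watch"
        else:
            level = "ok"
        results.append({"uri": rec["uri"], "level": level, "hits": hits})
    return results


if __name__ == "__main__":
    for result in triage(SAMPLE_REQUESTS):
        print(f"{result['level']:5}  {result['uri']}  {result['hits']}")
```

Running the script shows the comment line rated `ok` while both object-carrying requests are rated `alert`; that is the precision the WAF rule and the SIEM query need to avoid drowning in false positives. The same regex, applied after URL decoding, can be dropped into a ModSecurity or similar rule; cookies and JSON bodies can be added as further `sources` entries in the same way.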
