CVE-2024-25100
📋 TL;DR
This vulnerability allows unauthenticated attackers to inject malicious PHP objects via deserialization in the WP Swings Coupon Referral Program WordPress plugin. Successful exploitation could lead to remote code execution, data theft, or site takeover. All WordPress sites running vulnerable versions of this plugin are affected.
💻 Affected Systems
- WP Swings Coupon Referral Program WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete site compromise with remote code execution, administrative access, data exfiltration, and potential lateral movement to other systems.
Likely Case
Unauthenticated attackers achieve remote code execution, install backdoors, deface websites, or steal sensitive data.
If Mitigated
Attackers can still exploit the vulnerability, but the impact is limited by proper segmentation, monitoring, and least-privilege controls.
🎯 Exploit Status
Public exploit details exist, making this easily weaponizable by attackers with minimal technical skill.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.8.4
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Coupon Referral Program'.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 1.8.4+ from the WordPress repository and update manually.
🔧 Temporary Workarounds
Disable Plugin
Temporarily disable the vulnerable plugin until patching is possible.
wp plugin deactivate coupon-referral-program
Web Application Firewall Rule
Block requests containing serialized PHP object patterns targeting the plugin.
🧯 If You Can't Patch
- Immediately disable the Coupon Referral Program plugin via WordPress admin or command line.
- Implement strict network segmentation to isolate the WordPress instance from critical systems.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'Coupon Referral Program' version. If version is below 1.8.4, system is vulnerable.
Check Version:
wp plugin get coupon-referral-program --field=version
Verify Fix Applied:
Confirm plugin version is 1.8.4 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to WordPress admin-ajax.php or plugin-specific endpoints
- Log entries showing PHP object deserialization errors or warnings
- Unexpected file creation in wp-content/uploads or plugin directories
Network Indicators:
- HTTP requests containing serialized PHP object patterns (O: followed by numbers)
- Traffic spikes to WordPress XML-RPC or REST API endpoints
- Outbound connections to suspicious IPs from WordPress server
SIEM Query:
source="wordpress.log" AND ("coupon-referral-program" OR "admin-ajax.php") AND ("unserialize" OR "O:" OR "C:")
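The log and network indicators above can be turned into a small offline triage script. The following is an added example and is not part of the advisory or of the plugin's own code: it parses constructed Apache-style access log lines and PHP error log lines, flags requests to admin-ajax.php or the plugin directory whose query string carries a serialized PHP object pattern (O: or C: followed by a length and a class name), and flags unserialize() errors raised from the plugin path. The IP addresses, timestamps, the `wps_crp_example` action name and the file names are placeholders constructed for the sample; the serialized value is an empty stdClass used only to show the pattern. Access logs do not record POST bodies, so for body-based payloads the same check must be applied to a WAF or request-body log.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines (not taken from any real incident). The action name,
# file names and addresses are placeholders; the serialized value is a harmless
# empty stdClass used only to exercise the pattern check.
SAMPLE_ACCESS_LOG = [
    '203.0.113.10 - - [10/Feb/2024:12:00:01 +0000] "POST /wp-admin/admin-ajax.php'
    '?action=wps_crp_example&data=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D HTTP/1.1" 200 512',
    '203.0.113.11 - - [10/Feb/2024:12:00:02 +0000] "GET /wp-content/plugins/'
    'coupon-referral-program/example.php?x=1 HTTP/1.1" 200 1024',
    '198.51.100.5 - - [10/Feb/2024:12:00:03 +0000] "POST /wp-admin/admin-ajax.php'
    '?action=heartbeat HTTP/1.1" 200 88',
]
SAMPLE_PHP_ERROR_LOG = [
    '[10-Feb-2024 12:00:01 UTC] PHP Notice:  unserialize(): Error at offset 0 of 12 bytes'
    ' in /var/www/html/wp-content/plugins/coupon-referral-program/example.php on line 42',
    '[10-Feb-2024 12:00:05 UTC] PHP Warning:  Undefined variable $foo'
    ' in /var/www/html/wp-content/themes/example/functions.php on line 7',
]

# Combined-log-format request line: ip ident user [ts] "METHOD target HTTP/x" status
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Endpoints named in the advisory's log indicators.
PLUGIN_PATHS = ("/wp-admin/admin-ajax.php", "/wp-content/plugins/coupon-referral-program/")
# PHP serialized object (O:) or custom-serialized object (C:): type, name length, quoted class name.
SERIALIZED_RE = re.compile(r'[OC]:\d+:"[A-Za-z_\\][A-Za-z0-9_\\]*":')
UNSERIALIZE_ERR_RE = re.compile(r'unserialize\(\):')
PLUGIN_SLUG = "coupon-referral-program"


def parse_access_line(line):
    """Split one access-log line into its request fields; query is URL-decoded."""
    m = ACCESS_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    return {
        "ip": m.group("ip"),
        "method": m.group("method"),
        "path": path,
        "query": unquote_plus(query),
        "status": m.group("status"),
    }


def scan_access_line(line):
    """Return indicator tags for one access-log line (empty list if clean)."""
    req = parse_access_line(line)
    if req is None:
        return []
    targets_plugin = req["path"].startswith(PLUGIN_PATHS)
    has_serialized = bool(SERIALIZED_RE.search(req["query"]))
    if targets_plugin and has_serialized:
        return ["serialized-object-to-plugin-endpoint"]
    if has_serialized:
        # Serialized object aimed elsewhere: still worth a look, lower priority.
        return ["serialized-object-in-request"]
    return []


def scan_php_error_line(line):
    """Return an indicator tag for an unserialize() error, or None."""
    if not UNSERIALIZE_ERR_RE.search(line):
        return None
    return "unserialize-error-in-plugin" if PLUGIN_SLUG in line else "unserialize-error"


def scan_logs(access_lines, error_lines):
    """Run both scanners and collect findings as dicts (source, indicator, line)."""
    findings = []
    for ln in access_lines:
        for tag in scan_access_line(ln):
            findings.append({"source": "access", "indicator": tag, "line": ln})
    for ln in error_lines:
        tag = scan_php_error_line(ln)
        if tag:
            findings.append({"source": "php-error", "indicator": tag, "line": ln})
    return findings


if __name__ == "__main__":
    for f in scan_logs(SAMPLE_ACCESS_LOG, SAMPLE_PHP_ERROR_LOG):
        print(f"[{f['source']}] {f['indicator']}: {f['line'][:90]}")
```

Run it against real logs by replacing the two sample lists with lines read from the web server's access log and PHP error log; requests tagged `serialized-object-to-plugin-endpoint` from a site still below version 1.8.4 are the ones to escalate first, together with any file creation in wp-content/uploads around the same timestamps.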
🔗 References
- https://patchstack.com/database/wordpress/plugin/coupon-referral-program/vulnerability/wordpress-coupon-referral-program-plugin-1-7-2-unauthenticated-php-object-injection-vulnerability?_s_id=cve
- https://patchstack.com/database/vulnerability/coupon-referral-program/wordpress-coupon-referral-program-plugin-1-7-2-unauthenticated-php-object-injection-vulnerability?_s_id=cve