CVE-2024-27951
📋 TL;DR
This vulnerability allows attackers to upload malicious files, such as web shells, to WordPress servers running the vulnerable Multiple Page Generator Plugin (MPG). It affects all versions up to 3.4.0, enabling remote code execution and potential full server compromise. WordPress administrators using this plugin are at risk.
💻 Affected Systems
- Multiple Page Generator Plugin – MPG for WordPress
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Full server takeover via web shell, leading to data theft, defacement, or ransomware deployment.
Likely Case
Unauthorized file upload resulting in web shell installation and remote code execution on the web server.
If Mitigated
Limited impact if file uploads are restricted or the plugin is disabled, but risk remains if unpatched.
🎯 Exploit Status
Exploitation is straightforward via file upload; public proof-of-concept details are available online.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.4.1 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Multiple Page Generator Plugin – MPG' and update to version 3.4.1 or later.
4. Verify the update completes successfully.
🔧 Temporary Workarounds
Disable the MPG plugin
Temporarily deactivate the plugin to prevent exploitation until patching is possible.
wp plugin deactivate multiple-pages-generator-by-porthas
Restrict file uploads via web server
Configure the web server (e.g., Apache, Nginx) to block dangerous file types such as .php and .phtml in upload directories.
For Apache: add 'Deny from all' to the .htaccess in the upload directories
For Nginx: use 'location ~ \.php$ { deny all; }' in the server config, scoped to the same upload directories
🧯 If You Can't Patch
- Remove the MPG plugin entirely from the WordPress installation.
- Implement network-level controls to block suspicious upload requests to the plugin's endpoints.
🔍 How to Verify
Check if Vulnerable:
Check the plugin version in the WordPress admin under Plugins > Installed Plugins; if the version is 3.4.0 or earlier, it is vulnerable.
Check Version:
wp plugin get multiple-pages-generator-by-porthas --field=version
Verify Fix Applied:
After updating, confirm the plugin version is 3.4.1 or later in the WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to MPG plugin directories (e.g., .php files) in web server logs
- HTTP POST requests to upload endpoints with suspicious filenames
Network Indicators:
- Traffic spikes to MPG plugin URLs, especially upload-related paths
- Outbound connections from the server to unknown IPs post-upload
SIEM Query:
source="web_logs" AND uri="/wp-content/plugins/multiple-pages-generator-by-porthas/*" AND method="POST" AND (file_extension="php" OR file_extension="phtml")
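The same detection logic as the SIEM query above, applied offline to web server access logs, as an added example that is not part of the original advisory. The log lines are constructed samples, and the request paths under the plugin directory are hypothetical, not the plugin's real endpoints.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in combined log format (not real traffic);
# the paths under the plugin directory are hypothetical.
SAMPLE_LOGS = """\
203.0.113.10 - - [12/Mar/2024:10:01:02 +0000] "GET /wp-content/plugins/multiple-pages-generator-by-porthas/assets/app.js HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Mar/2024:10:01:09 +0000] "POST /wp-content/plugins/multiple-pages-generator-by-porthas/upload.php?f=shell.php HTTP/1.1" 200 310 "-" "python-requests/2.31"
198.51.100.7 - - [12/Mar/2024:10:02:15 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 44 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Mar/2024:10:02:40 +0000] "POST /wp-content/plugins/multiple-pages-generator-by-porthas/tmp/x.PHTML HTTP/1.1" 200 12 "-" "curl/8.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, URI, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
PLUGIN_PREFIX = "/wp-content/plugins/multiple-pages-generator-by-porthas/"
SUSPECT_EXT = {"php", "phtml"}


def path_extension(uri):
    """Extension of the URI path (query string ignored), lower-cased."""
    name = urlsplit(uri).path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def find_suspicious_uploads(log_text):
    """Return POST requests to the MPG plugin directory whose path
    ends in .php or .phtml, mirroring the SIEM query's conditions."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than fail the whole run
        uri = m["uri"]
        if (m["method"] == "POST"
                and urlsplit(uri).path.startswith(PLUGIN_PREFIX)
                and path_extension(uri) in SUSPECT_EXT):
            hits.append({"ip": m["ip"], "time": m["ts"],
                         "uri": uri, "status": int(m["status"])})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_uploads(SAMPLE_LOGS):
        print(hit)
```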
🔗 References
- https://patchstack.com/database/vulnerability/multiple-pages-generator-by-porthas/wordpress-multiple-page-generator-plugin-3-4-0-remote-code-execution-rce-vulnerability?_s_id=cve