CVE-2024-27964

8.8 HIGH

📋 TL;DR

This vulnerability allows attackers to upload arbitrary files to WordPress sites running the Zippy plugin, potentially leading to remote code execution. It affects all versions up to 1.6.9 of the Zippy plugin by Gesundheit Bewegt GmbH. WordPress administrators using this plugin are at risk.

💻 Affected Systems

Products:
  • WordPress Zippy Plugin by Gesundheit Bewegt GmbH
Versions: All versions up to and including 1.6.9
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with Zippy plugin active. No special configuration needed.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete server compromise via webshell upload, leading to data theft, ransomware deployment, or site defacement.

🟠 Likely Case: Unauthorized file upload leading to backdoor installation, malware distribution, or privilege escalation.

🟢 If Mitigated: File upload attempts blocked or logged, with no successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some level of access but is technically simple once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.7.0 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/zippy/wordpress-zippy-plugin-1-6-9-arbitrary-file-upload-vulnerability

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Zippy plugin and click 'Update Now'.
4. Verify the update to version 1.7.0 or higher.

🔧 Temporary Workarounds

Disable Zippy Plugin

Platform: all

Temporarily disable the vulnerable plugin until patching is possible:

wp plugin deactivate zippy

Restrict File Uploads via .htaccess

Platform: linux (Apache with AllowOverride enabled for the uploads directory; nginx and other servers ignore .htaccess)

Block execution of uploaded files in the WordPress uploads directory. This does not stop the upload itself, only the execution of any PHP file that lands there. Add the following to wp-content/uploads/.htaccess:

<Files "*.php">
    Deny from all
    # On Apache 2.4 without mod_access_compat, use "Require all denied" instead
</Files>

🧯 If You Can't Patch

  • Remove or disable the Zippy plugin immediately
  • Implement web application firewall rules to block file uploads to Zippy endpoints

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for Zippy version ≤1.6.9

Check Version:

wp plugin get zippy --field=version

Verify Fix Applied:

Confirm Zippy plugin version is 1.7.0 or higher in WordPress admin
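The version check above, scripted so it can be repeated across many sites. This is an added example, not part of the advisory: the `wp plugin get zippy --field=version` command is the one given above and the 1.7.0 fix threshold is the advisory's, while `version_lt`, `zippy_status` and `check_site` are this example's own names. Version strings are compared component by component, so 1.10.x is correctly treated as newer than 1.7.0.

```shell
# Added example (not from the advisory): classify a reported Zippy version as
# in the affected range (<= 1.6.9) or at/after the fix (>= 1.7.0).
# Fix version from the advisory; function names are this example's own.

ZIPPY_FIXED_VERSION="1.7.0"

# version_lt A B: exit 0 if A < B, comparing dotted numeric components.
# Missing trailing components count as 0, so "1.6" < "1.7.0" and "1.7" == "1.7.0".
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, pa, ".")
        nb = split(b, pb, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? pa[i] + 0 : 0
            y = (i <= nb) ? pb[i] + 0 : 0
            if (x < y) exit 0
            if (x > y) exit 1
        }
        exit 1
    }'
}

# zippy_status VERSION: print "vulnerable" or "patched" for the given version.
zippy_status() {
    if version_lt "$1" "$ZIPPY_FIXED_VERSION"; then
        echo vulnerable
    else
        echo patched
    fi
}

# check_site [WP_PATH]: read the installed version with wp-cli (the command
# from the advisory) and report its status. Optional argument is the WordPress
# root, passed as --path. Returns 2 if wp-cli fails or the plugin is absent.
check_site() {
    ver=$(wp plugin get zippy --field=version ${1:+"--path=$1"} 2>/dev/null) || {
        echo "zippy not installed or wp-cli unavailable" >&2
        return 2
    }
    printf 'zippy %s: %s\n' "$ver" "$(zippy_status "$ver")"
}

# Usage on a host with wp-cli:
#   for site in /var/www/*; do check_site "$site"; done
```

Anything reported as `vulnerable` should be updated per the Instructions above or covered by one of the workarounds; `check_site` returning 2 means the plugin is not installed there (or wp-cli could not run), which is a different state from patched and worth recording separately.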

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to wp-content/uploads via Zippy endpoints
  • POST requests to /wp-admin/admin-ajax.php with file upload parameters

Network Indicators:

  • HTTP POST requests with file uploads to Zippy-specific endpoints
  • Unexpected .php files in uploads directory

SIEM Query:

source="web_server" AND (uri_path="/wp-admin/admin-ajax.php" AND method="POST" AND (user_agent CONTAINS "curl" OR user_agent CONTAINS "wget"))
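Local checks that mirror the log and filesystem indicators above, as an added example that is not part of the advisory. The log lines are constructed samples in Apache combined format with the request Content-Type appended (a LogFormat ending in `"%{Content-Type}i"`, which is assumed to be configured); the uploads tree is created in a temporary directory. Unlike the SIEM query, the filter keys on the request shape (a multipart POST to admin-ajax.php) rather than the user agent, which any client sets freely, and it adds a second signal the query lacks: requests for, or the presence of, PHP files under wp-content/uploads. Function names and sample values are this example's own.

```shell
# Added example (not from the advisory): offline checks for the indicators
# listed above. Log format assumed: Apache combined + "%{Content-Type}i".

# ajax_multipart_posts LOG: POST requests to admin-ajax.php whose body was
# multipart/form-data, i.e. carried a file. Prints "ip [timestamp tz]".
ajax_multipart_posts() {
    awk '$6 == "\"POST" && $7 ~ /^\/wp-admin\/admin-ajax\.php/ && /multipart\/form-data/ {
        print $1, $4, $5
    }' "$1"
}

# uploads_php_requests LOG: any request for a PHP-like file under
# wp-content/uploads. A hit means an uploaded script was executed or probed for.
uploads_php_requests() {
    awk '$7 ~ /^\/wp-content\/uploads\/.*\.ph(p[0-9]?|tml)(\?|$)/ { print $1, $4, $5, $7 }' "$1"
}

# php_in_uploads DIR: PHP-like files present on disk under the uploads
# directory, where none should exist.
php_in_uploads() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' \) -print
}

# count_lines: number of lines on stdin (no leading spaces, unlike wc on some systems).
count_lines() { awk 'END { print NR }'; }

# make_sample_fixture: write the constructed log and a small uploads tree into
# a temp dir and print its path. Addresses are from RFC 5737 documentation ranges.
make_sample_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/uploads/2024/03"
    : > "$d/uploads/2024/03/photo.jpg"
    : > "$d/uploads/2024/03/file.php"
    cat > "$d/access.log" <<'EOF'
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /wp-login.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0" "-"
203.0.113.7 - - [12/Mar/2024:10:02:15 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 89 "https://example.test/wp-admin/" "Mozilla/5.0" "multipart/form-data; boundary=----a1b2"
198.51.100.9 - - [12/Mar/2024:10:03:40 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 57 "-" "curl/8.4.0" "multipart/form-data; boundary=zz"
203.0.113.7 - - [12/Mar/2024:10:04:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 22 "https://example.test/wp-admin/" "Mozilla/5.0" "application/x-www-form-urlencoded"
198.51.100.9 - - [12/Mar/2024:10:05:10 +0000] "GET /wp-content/uploads/2024/03/file.php HTTP/1.1" 200 15 "-" "curl/8.4.0" "-"
EOF
    echo "$d"
}

# Usage against the sample data (swap in the real log and uploads paths on a host):
#   d=$(make_sample_fixture)
#   ajax_multipart_posts "$d/access.log"
#   uploads_php_requests "$d/access.log"
#   php_in_uploads "$d/uploads"
#   rm -rf "$d"
```

On the sample data the first check reports the two multipart POSTs (the browser one and the curl one alike), the second reports the single request for file.php, and the third lists that file on disk. Multipart POSTs to admin-ajax.php are also legitimate traffic on many sites, so treat the first check as a candidate list to correlate with the other two and with the plugin version, not as an alert on its own.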
