CVE-2024-28850

8.1 HIGH

📋 TL;DR

The WP Crontrol plugin for WordPress can lead to remote code execution when chained with another vulnerability. The plugin's PHP cron event feature could be abused if an attacker already has a way to write to the database or update options, for example through SQL injection or a database compromise. This affects WordPress sites running WP Crontrol versions before 1.16.2.

💻 Affected Systems

Products:
  • WP Crontrol WordPress Plugin
Versions: All versions before 1.16.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrative access or chaining with other vulnerabilities to exploit

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full site compromise with remote code execution leading to data theft, malware installation, or complete server takeover

🟠

Likely Case

Limited impact requiring chaining with other vulnerabilities; most sites would only be affected if already compromised through other means

🟢

If Mitigated

No direct exploitation possible when using patched version; other vulnerabilities would need to be present

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires chaining with other vulnerabilities like SQL injection, database compromise, or arbitrary option updates

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.16.2

Vendor Advisory: https://github.com/johnbillion/wp-crontrol/security/advisories/GHSA-9xvf-cjvf-ff5q

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find WP Crontrol
4. Click 'Update Now' if available
5. Or download version 1.16.2+ from WordPress repository
6. Upload and replace existing plugin

🔧 Temporary Workarounds

Disable PHP cron events feature (platform: all)
  Prevent creation of PHP cron events through WP Crontrol.
  Add define('WP_CRONTROL_DISABLE_PHP', true); to wp-config.php

Remove plugin temporarily (platform: linux)
  Deactivate WP Crontrol until patched:
  wp plugin deactivate wp-crontrol

🧯 If You Can't Patch

  • Restrict administrative access to trusted users only
  • Implement web application firewall rules to detect and block SQL injection attempts

🔍 How to Verify

Check if Vulnerable:

Check WP Crontrol plugin version in WordPress admin under Plugins → Installed Plugins

Check Version:

wp plugin get wp-crontrol --field=version

Verify Fix Applied:

Verify WP Crontrol version is 1.16.2 or higher
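The version check above can be automated across many sites. The following Python script is an added example, not code from the advisory or from the WP Crontrol project: it runs the same WP-CLI command shown above, parses the returned version string (including forms such as "v1.16" or "1.16.2-beta1"), and reports whether the install is below the fixed release 1.16.2. The `--path` argument and the assumption that WP-CLI is on PATH are the only things it relies on beyond what the page states.

```python
"""Flag WP Crontrol installs older than the patched release (1.16.2)."""
import re
import subprocess

FIXED_VERSION = "1.16.2"  # patch version named in the advisory

# Accepts an optional leading "v", dotted numerics, and an optional
# pre-release suffix such as "-beta1" or "rc2".
_VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)*)(?:[-+.]?([0-9A-Za-z.-]+))?$")


def parse_version(text):
    """Turn '1.16.2', 'v1.16' or '1.16.2-beta1' into a comparable form.

    Returns (numeric_parts, is_prerelease). Missing components are padded
    with zeros so that '1.16' compares equal to '1.16.0'. Raises ValueError
    on strings that are not versions at all.
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = tuple(int(part) for part in match.group(1).split("."))
    nums = nums + (0,) * max(0, 3 - len(nums))
    return nums, match.group(2) is not None


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True when `installed` is older than `fixed`.

    A pre-release of the fixed version (e.g. 1.16.2-beta1) still counts as
    older than the final 1.16.2, so it is reported as vulnerable.
    """
    inst_nums, inst_pre = parse_version(installed)
    fix_nums, fix_pre = parse_version(fixed)
    # Final releases sort after pre-releases with the same numeric parts.
    return (inst_nums, not inst_pre) < (fix_nums, not fix_pre)


def check_with_wp_cli(path="."):
    """Query WP-CLI for the installed version and classify it.

    Runs the command given in the advisory. Assumes WP-CLI is on PATH and
    that `path` points at a WordPress install (hypothetical default ".").
    """
    result = subprocess.run(
        ["wp", "plugin", "get", "wp-crontrol", "--field=version", f"--path={path}"],
        capture_output=True,
        text=True,
        check=True,
    )
    version = result.stdout.strip()
    return version, is_vulnerable(version)


if __name__ == "__main__":
    installed_version, vulnerable = check_with_wp_cli()
    status = "VULNERABLE (below 1.16.2)" if vulnerable else "patched"
    print(f"WP Crontrol {installed_version}: {status}")
```

Run it from the WordPress root (or pass `path=`) on each site you manage; a non-zero WP-CLI exit, for example when the plugin is not installed, surfaces as a `CalledProcessError` rather than a false "patched" result.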

📡 Detection & Monitoring

Log Indicators:

  • Unusual cron event creation
  • PHP code execution in cron logs
  • SQL injection attempts in web server logs

Network Indicators:

  • Unexpected outbound connections from cron processes
  • Unusual database queries from web application

SIEM Query:

source="wordpress" AND ("wp-crontrol" OR "cron event") AND ("php" OR "execute" OR "code")

🔗 References
