CVE-2024-30231
📋 TL;DR
This vulnerability allows attackers to upload arbitrary files to WordPress sites running the vulnerable WebToffee Product Import Export for WooCommerce plugin. Attackers can upload malicious files like PHP shells, leading to remote code execution. All WordPress sites using affected plugin versions are vulnerable.
💻 Affected Systems
- WebToffee Product Import Export for WooCommerce WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete site compromise - attackers gain full control of the WordPress installation, can execute arbitrary code, steal data, deface the site, or install persistent backdoors.
Likely Case
Remote code execution leading to website defacement, data theft, or malware distribution from the compromised site.
If Mitigated
Limited impact if file uploads are restricted at web server level or if the vulnerable endpoint is not accessible.
🎯 Exploit Status
Exploitation is straightforward - attackers can upload malicious files without authentication using the plugin's import functionality.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.4.2
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Go to Plugins → Installed Plugins.
3. Find 'Product Import Export for WooCommerce'.
4. Click 'Update Now' if available.
5. Alternatively, download version 2.4.2+ from the WordPress plugin repository and replace the plugin files.
🔧 Temporary Workarounds
Disable plugin (all platforms)
Temporarily disable the vulnerable plugin until patching is possible:
wp plugin deactivate product-import-export-for-woo
Restrict file uploads via .htaccess (Linux / Apache)
Prevent PHP files from being served or executed from the upload directory the plugin writes to, by placing the following in that directory's .htaccess (the Order/Deny directives need mod_access_compat on Apache 2.4; the equivalent 2.4-native directive is Require all denied):
<FilesMatch "\.(php|php5|php7|phtml|phar)$">
Order Allow,Deny
Deny from all
</FilesMatch>
🧯 If You Can't Patch
- Disable the Product Import Export for WooCommerce plugin immediately
- Implement web application firewall rules to block requests to the plugin's file upload endpoints
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'Product Import Export for WooCommerce' version 2.4.1 or lower
Check Version:
wp plugin get product-import-export-for-woo --field=version
Verify Fix Applied:
Verify plugin version is 2.4.2 or higher in WordPress admin panel
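The version check above can be automated for hosts without wp-cli access by reading the plugin's main PHP file header, which WordPress uses to record the installed version. The following is an added example written for this page, not code from the advisory or from WebToffee; the header text is a constructed sample in the standard WordPress plugin-header format, and the main-file name is not stated on this page, so the caller is expected to pass the file contents in. It compares versions numerically so that, for instance, 2.4.10 is correctly treated as newer than 2.4.2.

```python
import re

# Constructed sample plugin header in the WordPress plugin-header format.
# Not copied from the real plugin; used only to exercise the check.
SAMPLE_PLUGIN_HEADER = """\
<?php
/**
 * Plugin Name: Product Import Export for WooCommerce
 * Version: 2.4.1
 */
"""

FIXED_VERSION = "2.4.2"  # first patched version stated in the advisory


def parse_version(s):
    """Turn '2.4.10' into (2, 4, 10) so comparison is numeric, not lexical."""
    return tuple(int(p) for p in re.findall(r"\d+", s))


def header_version(php_source):
    """Extract the 'Version:' value from a WordPress plugin header comment."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", php_source, re.M)
    return m.group(1) if m else None


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True when the installed version is older than the first fixed version."""
    return parse_version(installed) < parse_version(fixed)


def check_plugin_file(php_source):
    """Return ('vulnerable' | 'patched' | 'unknown', version_string_or_None)."""
    v = header_version(php_source)
    if v is None:
        return ("unknown", None)
    return ("vulnerable" if is_vulnerable(v) else "patched", v)


if __name__ == "__main__":
    # Replace SAMPLE_PLUGIN_HEADER with the contents of the plugin's main file
    # under wp-content/plugins/product-import-export-for-woo/ (file name assumed
    # to be known to the operator).
    print(check_plugin_file(SAMPLE_PLUGIN_HEADER))
```

A result of ('unknown', None) means the header could not be parsed and the version should be confirmed in the admin panel instead of being assumed patched.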
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to /wp-content/uploads/ directory
- POST requests to /wp-admin/admin-ajax.php with 'action=product_import_export' parameters
- Files with .php extension appearing in upload directories
Network Indicators:
- HTTP POST requests containing file uploads to WooCommerce import endpoints
- Unusual outbound connections from WordPress server after file upload
SIEM Query:
source="web_server" AND ((uri_path="/wp-admin/admin-ajax.php" AND post_data CONTAINS "product_import_export") OR (uri_path CONTAINS "/wp-content/uploads/" AND response_code=200 AND file_extension="php"))
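The log indicators above can be checked directly against a web server access log. The script below is an added example for this page, not part of the advisory; it parses combined-format access log lines (a constructed sample is embedded), flags the two indicators the advisory names, and then correlates them per source address, since a single client that both hits the import endpoint and then fetches a .php file from the uploads tree is a much stronger signal than either event alone. One caveat it makes explicit: standard access logs do not record POST bodies, so the 'action' parameter is only visible here when it travels in the query string; for body-level matching, the SIEM query above against a WAF or request-body log is the right tool.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log lines (combined format). Addresses are from
# documentation ranges; none of this is taken from a real incident.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Apr/2024:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=product_import_export HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.5 - - [12/Apr/2024:10:01:09 +0000] "GET /wp-content/uploads/2024/04/wp-upload.php HTTP/1.1" 200 77 "-" "curl/8.0"
198.51.100.7 - - [12/Apr/2024:10:02:30 +0000] "GET /wp-content/uploads/2024/04/photo.jpg HTTP/1.1" 200 44121 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Apr/2024:10:03:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 90 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Apr/2024:10:03:41 +0000] "GET /wp-content/uploads/2024/04/missing.php HTTP/1.1" 404 0 "-" "curl/8.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Extensions mirrored from the advisory's .htaccess workaround.
PHP_EXT = (".php", ".php5", ".php7", ".phtml", ".phar")


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "method": m.group("method"),
        "path": url.path,
        "query": parse_qs(url.query),
        "status": int(m.group("status")),
    }


def classify(rec):
    """Return the advisory indicator names that match this record."""
    hits = []
    # Indicator 1: POST to admin-ajax.php with the plugin's import action.
    # Only the query string is visible in an access log; POST bodies are not.
    if rec["method"] == "POST" and rec["path"] == "/wp-admin/admin-ajax.php":
        actions = rec["query"].get("action", [])
        if any("product_import_export" in a for a in actions):
            hits.append("import_ajax_post")
    # Indicator 2: a PHP-family file successfully served from the uploads tree.
    # A 404 is excluded on purpose: the advisory's indicator is response_code=200.
    if (rec["path"].startswith("/wp-content/uploads/")
            and rec["status"] == 200
            and rec["path"].lower().endswith(PHP_EXT)):
        hits.append("php_in_uploads")
    return hits


def scan(log_text):
    """Return (indicator, ip, path) tuples for every matching log line."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for name in classify(rec):
            findings.append((name, rec["ip"], rec["path"]))
    return findings


def correlate(findings):
    """Return source IPs that triggered both indicators; these merit first look."""
    by_ip = {}
    for name, ip, _ in findings:
        by_ip.setdefault(ip, set()).add(name)
    both = {"import_ajax_post", "php_in_uploads"}
    return sorted(ip for ip, names in by_ip.items() if both <= names)


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for h in hits:
        print(h)
    print("escalate:", correlate(hits))
```

Run it against a real log with `scan(open("access.log").read())`; hits on php_in_uploads alone still deserve a look at the file itself, since a legitimate WordPress install does not serve PHP from the uploads tree.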
🔗 References
- https://patchstack.com/database/vulnerability/product-import-export-for-woo/wordpress-product-import-export-for-woocommerce-plugin-2-4-1-arbitrary-file-upload-vulnerability?_s_id=cve