CVE-2024-3107
📋 TL;DR
The Spectra WordPress plugin (formerly Ultimate Addons for Gutenberg) has a path traversal vulnerability that lets authenticated users with contributor-level permissions or higher read arbitrary attributes.php files on the server. This can expose sensitive information such as database credentials or configuration details. WordPress sites running vulnerable plugin versions are affected.
💻 Affected Systems
- Spectra - WordPress Gutenberg Blocks (formerly Ultimate Addons for Gutenberg)
📦 What is this software?
Spectra by Brainstormforce
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain database credentials or other sensitive configuration data, leading to complete site compromise, data theft, or further server exploitation.
Likely Case
Attackers read sensitive configuration files containing database credentials, API keys, or other secrets, potentially enabling database access or privilege escalation.
If Mitigated
Limited exposure of non-critical configuration files with proper file permissions and monitoring in place.
🎯 Exploit Status
Exploitation requires authenticated access but is technically simple once authenticated. The vulnerability details are publicly documented.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.12.7 and later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3062684/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'Spectra' plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 2.12.7+ from WordPress.org and update manually.
🔧 Temporary Workarounds
Restrict Contributor Access
Temporarily remove contributor-level permissions from untrusted users until patching is complete.
WordPress admin: Users → All Users → Edit user roles
File Permission Hardening
Set strict permissions on sensitive files to prevent unauthorized reading (path below is a placeholder):
chmod 600 /path/to/sensitive/attributes.php
🧯 If You Can't Patch
- Remove the Spectra plugin entirely if not essential for site functionality
- Implement strict access controls and monitor for suspicious file access attempts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin: Plugins → Installed Plugins, find Spectra plugin version. If version is 2.12.6 or lower, you are vulnerable.
Check Version:
WordPress CLI: wp plugin get spectra --field=version
Verify Fix Applied:
After updating, verify plugin version shows 2.12.7 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns to attributes.php files
- Multiple failed or successful attempts to access plugin files by contributor-level users
Network Indicators:
- HTTP requests to plugin files with path traversal patterns
SIEM Query:
source="wordpress" AND (uri="*attributes.php*" OR uri="*get_block_default_attributes*")
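To turn the log indicators above into something runnable, here is an added Python example (not from the advisory or the vendor) that scans Apache-style access logs for requests that both reference the plugin markers used in the SIEM query and contain a directory traversal sequence, decoding percent-encoding repeatedly so double-encoded attempts are not missed. The sample log lines and the request layout in them are constructed for illustration and do not represent the plugin's real endpoint.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Apache "combined" format). The request
# shapes are illustrative only, not the plugin's actual endpoint layout.
SAMPLE_LOG = """\
203.0.113.5 - - [01/May/2024:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=get_block_default_attributes&name=../../attributes.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [01/May/2024:10:01:03 +0000] "GET /wp-admin/admin-ajax.php?action=get_block_default_attributes&name=%252e%252e%252fattributes.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [01/May/2024:10:02:00 +0000] "GET /wp-content/plugins/ultimate-addons-for-gutenberg/assets/css/blocks.css HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [01/May/2024:10:03:00 +0000] "GET /?s=attributes.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, URI, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
# Markers taken from the advisory's SIEM query; a hit needs one of these AND a traversal sequence.
PLUGIN_MARKERS = ("attributes.php", "get_block_default_attributes")
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\)")

def normalize_uri(uri, rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded ../ is still caught."""
    for _ in range(rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def find_traversal_attempts(log_text):
    """Return parsed entries whose URI targets the plugin markers with a traversal sequence."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        uri = normalize_uri(m.group("uri"))
        if not any(marker in uri for marker in PLUGIN_MARKERS):
            continue
        if not TRAVERSAL_RE.search(uri):
            continue  # marker alone (e.g. a search query) is not enough to alert
        hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                     "uri": uri, "status": int(m.group("status"))})
    return hits

if __name__ == "__main__":
    for h in find_traversal_attempts(SAMPLE_LOG):
        print(f"{h['ts']} {h['ip']} status={h['status']} uri={h['uri']}")
```

A 200 status on a flagged request is the condition worth escalating; the same check can be run against the SIEM's raw request field to cut the noise of the broader wildcard query.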
🔗 References
- https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/trunk/classes/class-uagb-block-module.php#L189
- https://plugins.trac.wordpress.org/changeset/3062684/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/110e5e67-b318-4ab2-9b4d-59aabcf7db7c?source=cve