CVE-2024-31345
📋 TL;DR
This vulnerability allows attackers to upload arbitrary files to WordPress sites running the Auto Poster plugin. Attackers can upload malicious files like PHP shells, leading to remote code execution. All WordPress sites using Auto Poster version 1.2 or earlier are affected.
💻 Affected Systems
- WordPress Auto Poster plugin by Sukhchain Singh
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise via remote code execution, allowing attackers to install backdoors, steal data, deface websites, or use the server for further attacks.
Likely Case
Website defacement, malware injection, credential theft, or unauthorized content posting.
If Mitigated
Limited impact if file uploads are restricted via web application firewall or server configuration, though the vulnerability remains present.
🎯 Exploit Status
Exploitation requires no authentication and is straightforward via HTTP requests.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: None
Vendor Advisory: https://patchstack.com/database/vulnerability/auto-poster/wordpress-auto-poster-plugin-1-2-arbitrary-file-upload-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Locate 'Auto Poster' and click Deactivate.
4. Click Delete to remove the plugin completely.
🔧 Temporary Workarounds
Restrict file uploads via .htaccess
Platform: Linux
Block execution of uploaded files in the uploads directory.
Add to .htaccess in wp-content/uploads/:
<Files *.php>
deny from all
</Files>
This only takes effect where Apache honors .htaccess (AllowOverride) and does nothing on nginx; on Apache 2.4 without mod_access_compat, replace "deny from all" with "Require all denied", otherwise the unknown directive causes a 500 error for the whole directory.
Web Application Firewall rule
Platform: all
Block file uploads with dangerous extensions to the plugin endpoint.
🧯 If You Can't Patch
- Immediately disable and remove the Auto Poster plugin from all WordPress installations.
- Implement strict file upload validation at the server level using mod_security or similar tools.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin > Plugins > Installed Plugins for 'Auto Poster' version 1.2 or earlier.
Check Version:
wp plugin list --name=auto-poster --field=version
Verify Fix Applied:
Confirm the plugin is no longer listed in installed plugins or is deactivated.
📡 Detection & Monitoring
Log Indicators:
- HTTP POST requests to /wp-content/plugins/auto-poster/ upload endpoints with file extensions like .php, .phtml, .exe
- Files with unusual names appearing in wp-content/uploads/
Network Indicators:
- Unusual outbound connections from the WordPress server post-upload
SIEM Query:
source="web_server" AND (uri_path="/wp-content/plugins/auto-poster/*" AND method="POST" AND file_extension IN ("php", "phtml", "exe"))
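As an added example, not part of this advisory: a small Python scanner that applies the two log indicators above to access-log lines and lists script files on disk under wp-content/uploads/. The combined log format, the endpoint file name used in the constructed sample lines and the extra extensions (.php5, .phar) are assumptions; the advisory does not name the plugin's upload endpoint.

```python
import re
from pathlib import Path

# Combined access-log format (Apache/nginx default). Only the client IP,
# method, path and status are needed for this check.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+'
)
PLUGIN_PATH = "/wp-content/plugins/auto-poster/"  # plugin directory from the advisory
UPLOADS_PATH = "/wp-content/uploads/"
# The advisory lists .php/.phtml/.exe; .php5/.phar are added here as an assumption.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|exe)(\?.*)?$", re.IGNORECASE)


def classify(line: str):
    """Return (indicator, ip, path) for a suspicious log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    method, path, status = m["method"], m["path"], m["status"]
    # Indicator 1: a POST into the plugin directory, where the upload endpoint lives.
    if method == "POST" and path.startswith(PLUGIN_PATH):
        return ("plugin_post", m["ip"], path)
    # Indicator 2: a script extension requested under wp-content/uploads. A 2xx means
    # the server executed it; anything else means a rule such as the .htaccess above blocked it.
    if path.startswith(UPLOADS_PATH) and SCRIPT_EXT.search(path):
        tag = "script_in_uploads" if status.startswith("2") else "script_in_uploads_blocked"
        return (tag, m["ip"], path)
    return None


def scan_log(lines):
    return [hit for hit in (classify(line) for line in lines) if hit]


def scan_uploads_dir(uploads_root):
    """List files with a script extension anywhere under the uploads directory."""
    root = Path(uploads_root)
    return sorted(str(p.relative_to(root)) for p in root.rglob("*")
                  if p.is_file() and SCRIPT_EXT.search(p.name))


# Constructed sample lines (not real traffic); "example-endpoint.php" is a placeholder.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/May/2024:12:00:01 +0000] "POST /wp-content/plugins/auto-poster/example-endpoint.php HTTP/1.1" 200 12',
    '203.0.113.5 - - [10/May/2024:12:00:03 +0000] "GET /wp-content/uploads/2024/05/cache.php?x=1 HTTP/1.1" 200 85',
    '198.51.100.7 - - [10/May/2024:12:00:05 +0000] "GET /wp-content/uploads/2024/05/photo.jpg HTTP/1.1" 200 4096',
    '198.51.100.7 - - [10/May/2024:12:00:06 +0000] "GET /wp-content/plugins/auto-poster/style.css HTTP/1.1" 200 300',
    '203.0.113.5 - - [10/May/2024:12:00:09 +0000] "GET /wp-content/uploads/2024/05/old.php HTTP/1.1" 403 0',
]
```

Run scan_log over the web server's access log and scan_uploads_dir over the real wp-content/uploads path; a "plugin_post" followed by a "script_in_uploads" hit from the same IP is the sequence the advisory's indicators describe.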