CVE-2024-3238
📋 TL;DR
This CSRF vulnerability in the Superfly Responsive Menu WordPress plugin allows unauthenticated attackers to delete arbitrary files on affected websites by tricking administrators into clicking malicious links. All WordPress sites using plugin versions up to 5.0.29 are vulnerable. The risk is particularly high because attackers can target file deletion without authentication.
💻 Affected Systems
- WordPress Superfly Responsive Menu Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete website compromise through deletion of critical WordPress core files, configuration files, or database files, leading to site unavailability and potential data loss.
Likely Case
Selective deletion of plugin files, theme files, or uploaded media causing website functionality issues, broken features, or content loss.
If Mitigated
No impact if proper CSRF protections are in place or if the plugin is updated to patched versions.
🎯 Exploit Status
Exploitation requires social engineering to trick administrators but uses simple HTTP requests. The vulnerability was partially patched in 5.0.28 but fully fixed in 5.0.30.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.0.30
Vendor Advisory: https://codecanyon.net/item/superfly-responsive-wordpress-menu-plugin/8012790
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Superfly Responsive Menu'. 4. Click 'Update Now' if available. 5. If no update appears, download version 5.0.30+ from CodeCanyon and manually update.
🔧 Temporary Workarounds
Disable Plugin
allTemporarily disable the vulnerable plugin until patched version can be installed.
wp plugin deactivate superfly-responsive-menu
Add CSRF Protection
allImplement custom CSRF protection at web application firewall or WordPress level.
🧯 If You Can't Patch
- Remove plugin administrator privileges from users who don't need them
- Implement strict Content Security Policy headers to limit cross-origin requests
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Superfly Responsive Menu → Version number. If version is 5.0.29 or lower, the site is vulnerable.Check Version:
wp plugin get superfly-responsive-menu --field=versionVerify Fix Applied:
Verify plugin version is 5.0.30 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=delete_icons
- File deletion events in WordPress uploads or plugin directories
- 403 errors from CSRF protection mechanisms
Network Indicators:
- HTTP POST requests with delete_icons action parameter
- Cross-origin requests to admin-ajax.php endpoint
SIEM Query:
source="wordpress.log" AND "admin-ajax.php" AND "delete_icons"