CVE-2024-34551
📋 TL;DR
This vulnerability allows unauthenticated attackers to perform path traversal attacks in the Stockholm WordPress theme, leading to local file inclusion. Attackers can read sensitive files on the server, potentially exposing configuration files, credentials, or other sensitive data. All WordPress sites using Stockholm theme versions up to 9.6 are affected.
💻 Affected Systems
- Select-Themes Stockholm WordPress Theme
📦 What is this software?
Stockholm by Select Themes
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise through reading sensitive files like wp-config.php containing database credentials, followed by database takeover and potential remote code execution.
Likely Case
Unauthenticated attackers reading sensitive server files, potentially exposing database credentials, configuration files, or other sensitive information that could lead to further attacks.
If Mitigated
Limited information disclosure if proper file permissions and web server configurations restrict access to sensitive files.
🎯 Exploit Status
Exploitation is straightforward with publicly available proof-of-concept code. Attackers can craft simple HTTP requests to exploit the vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 9.7 or later
Vendor Advisory: https://patchstack.com/database/vulnerability/stockholm/wordpress-stockholm-theme-9-6-unauthenticated-local-file-inclusion-vulnerability
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Appearance > Themes.
3. Check for Stockholm theme updates.
4. Update to version 9.7 or later.
5. If no update is available, remove the theme and replace it with a secure alternative.
🔧 Temporary Workarounds
Disable Stockholm Theme
Temporarily take the vulnerable theme out of use until patched. WordPress has no "deactivate" action for themes and WP-CLI has no wp theme deactivate subcommand; a theme is disabled by activating another installed theme in its place:
wp theme activate <replacement-theme-slug>
Note that the Stockholm files remain on disk after switching themes and may still be reachable by direct request, so this only reduces exposure; full removal is covered under "If You Can't Patch".
Web Application Firewall Rule
Block path traversal patterns in requests
Add a WAF rule to block requests containing '../' or similar path traversal sequences (including URL-encoded forms such as %2e%2e%2f)
🧯 If You Can't Patch
- Remove Stockholm theme completely and use a different theme
- Implement strict file permissions and disable PHP execution in upload directories
🔍 How to Verify
Check if Vulnerable:
Check the WordPress theme version in Appearance > Themes or run (WP-CLI takes a comma-separated list via --fields, not --field): wp theme list --fields=name,status,version | grep stockholm
Check Version:
wp theme list --fields=name,version | grep stockholm
Verify Fix Applied:
Confirm the Stockholm theme version is 9.7 or higher: wp theme list --fields=name,version | grep stockholm
📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing '../' sequences targeting Stockholm theme files
- Multiple 200 OK responses for unexpected file types (like .php, .env, config files)
- Requests to theme files with unusual parameters
Network Indicators:
- Unusual file read patterns from web server
- Requests bypassing normal WordPress routing to access theme files directly
SIEM Query:
source="web_access_logs" AND (url="*stockholm*" AND (url="*../*" OR url="*..\\*" OR url="*%2e%2e%2f*"))
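The log indicators and SIEM query above can be checked offline against raw web server access logs. The following Python script is an added example, not part of this advisory or of the Stockholm theme, that scans combined-format access log lines for traversal sequences in requests aimed at the Stockholm theme directory. It goes slightly beyond the SIEM query by percent-decoding each URL repeatedly, so single-encoded (%2e%2e%2f) and double-encoded (%252e%252e%252f) variants are normalized before matching, and it tallies hits per source IP together with how many returned 200 OK, which is the "multiple 200 OK responses" indicator. The theme path /wp-content/themes/stockholm/, the file name example.php and the parameter p in the sample log are assumptions and constructed placeholders, not the real vulnerable endpoint.

```python
import re
from urllib.parse import unquote

# Combined-format access log line: ip ident user [ts] "METHOD URL PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumption: the theme lives under the default WordPress theme directory slug.
THEME_PATH = "/wp-content/themes/stockholm/"

# Forward-slash and backslash traversal tokens, matched after decoding.
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\)")

# Constructed sample log lines (placeholder IPs, file name and parameter name).
SAMPLE_LOG = """\
203.0.113.10 - - [12/Jun/2024:10:01:02 +0000] "GET /wp-content/themes/stockholm/style.css HTTP/1.1" 200 5123
203.0.113.10 - - [12/Jun/2024:10:01:05 +0000] "GET /wp-content/themes/stockholm/example.php?p=../../../wp-config.php HTTP/1.1" 200 2311
203.0.113.10 - - [12/Jun/2024:10:01:07 +0000] "GET /wp-content/themes/stockholm/example.php?p=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 2311
203.0.113.10 - - [12/Jun/2024:10:01:09 +0000] "GET /wp-content/themes/stockholm/example.php?p=%252e%252e%252f.env HTTP/1.1" 404 0
198.51.100.7 - - [12/Jun/2024:10:02:00 +0000] "GET /wp-content/themes/twentytwentyfour/style.css?ver=../ HTTP/1.1" 200 100
"""


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded), so
    double-encoded traversal tokens are normalized like plain ones."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_line(line: str):
    """Return the parsed fields of one access log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_suspicious(entry: dict) -> bool:
    """True when the decoded URL targets the Stockholm theme directory and
    carries a traversal sequence (mirrors the SIEM query's two conditions)."""
    url = fully_decode(entry["url"]).lower()
    return THEME_PATH in url and bool(TRAVERSAL_RE.search(url))


def scan(lines):
    """Return one hit record per suspicious request."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and is_suspicious(entry):
            hits.append({
                "ip": entry["ip"],
                "ts": entry["ts"],
                "url": entry["url"],
                "status": int(entry["status"]),
            })
    return hits


def summarize(hits):
    """Per-source-IP count of traversal attempts and how many got a 200 OK,
    which is the strongest sign that a file was actually served."""
    summary = {}
    for h in hits:
        s = summary.setdefault(h["ip"], {"requests": 0, "status_200": 0})
        s["requests"] += 1
        if h["status"] == 200:
            s["status_200"] += 1
    return summary


if __name__ == "__main__":
    found = scan(SAMPLE_LOG.splitlines())
    for h in found:
        print(f'{h["ip"]} {h["status"]} {h["url"]}')
    print(summarize(found))
```

Run it against a real log with scan(open("access.log").readlines()); the request on the non-Stockholm theme in the sample is deliberately not flagged, so the scope matches the "url=*stockholm*" condition of the SIEM query rather than alerting on every '../' in the log.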