CVE-2024-35672

7.5 HIGH

📋 TL;DR

This CVE describes a Missing Authorization vulnerability in the Netgsm WordPress plugin that allows unauthorized users to perform privileged actions. It affects all WordPress sites running Netgsm plugin versions up to 2.9.19. Attackers can exploit this to manipulate SMS functionality or access sensitive data.

💻 Affected Systems

Products:
  • WordPress Netgsm Plugin
Versions: n/a through 2.9.19
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all WordPress installations with the Netgsm plugin installed and activated.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of SMS functionality allowing unauthorized SMS sending, billing manipulation, or data exfiltration from connected systems.

🟠 Likely Case: Unauthorized users sending SMS messages at the site owner's expense or accessing SMS-related data.

🟢 If Mitigated: Limited impact with proper network segmentation and strong authentication controls in place.

🌐 Internet-Facing: HIGH - WordPress plugins are typically internet-facing and accessible via web interfaces.
🏢 Internal Only: MEDIUM - Internal users could still exploit if they have network access to the WordPress instance.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Missing authorization vulnerabilities typically require minimal technical skill to exploit once the vulnerable endpoint is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.9.20 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/netgsm/wordpress-netgsm-plugin-2-9-16-broken-access-control-vulnerability-2?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the Netgsm plugin.
4. Click 'Update Now' if available.
5. Alternatively, download version 2.9.20+ from the WordPress repository and update manually.

🔧 Temporary Workarounds

Disable Netgsm Plugin

all

Temporarily deactivate the vulnerable plugin until patching is possible.

wp plugin deactivate netgsm

Restrict Access via Web Application Firewall

all

Block access to Netgsm plugin endpoints using WAF rules.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the WordPress instance
  • Enable detailed logging and monitoring for unauthorized access attempts to Netgsm endpoints

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for Netgsm version. If version is 2.9.19 or lower, you are vulnerable.

Check Version:

wp plugin get netgsm --field=version

Verify Fix Applied:

After updating, verify Netgsm plugin version shows 2.9.20 or higher in WordPress admin.
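The version check described above, as an added shell example that is not part of this advisory or of the Netgsm plugin: it compares a version string against the fixed release 2.9.20 and, when wp-cli is on the PATH (an assumption), reads the installed version with the same `wp plugin get netgsm --field=version` command the advisory gives.

```shell
#!/bin/sh
# Added example, not from the advisory. Classifies a Netgsm plugin version as
# "vulnerable" (<= 2.9.19, CVE-2024-35672) or "fixed" (>= 2.9.20).

FIXED_VERSION="2.9.20"

# version_lt A B -> returns 0 when dotted version A is strictly less than B.
# Non-numeric suffixes (e.g. "-beta") are dropped; missing components count as 0.
version_lt() {
    l="$(printf '%s' "$1" | sed 's/[^0-9.].*//').0.0"
    r="$(printf '%s' "$2" | sed 's/[^0-9.].*//').0.0"
    i=1
    while [ "$i" -le 3 ]; do
        lc=$(printf '%s' "$l" | cut -d. -f"$i")
        rc=$(printf '%s' "$r" | cut -d. -f"$i")
        lc=${lc:-0}; rc=${rc:-0}
        [ "$lc" -lt "$rc" ] && return 0
        [ "$lc" -gt "$rc" ] && return 1
        i=$((i + 1))
    done
    return 1   # equal -> not less than
}

# netgsm_status VERSION -> prints "vulnerable" or "fixed"; exit status 1 when vulnerable.
netgsm_status() {
    if version_lt "$1" "$FIXED_VERSION"; then
        echo "vulnerable"
        return 1
    fi
    echo "fixed"
    return 0
}

# Live check: only runs when wp-cli is installed (assumed, not required for the functions).
if command -v wp >/dev/null 2>&1; then
    if installed=$(wp plugin get netgsm --field=version 2>/dev/null); then
        echo "Netgsm $installed: $(netgsm_status "$installed")"
    else
        echo "Netgsm plugin not installed"
    fi
fi
```

Run it from the WordPress root (so wp-cli finds the site); a non-zero exit from `netgsm_status` makes it usable in a fleet-wide audit loop.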

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized POST requests to /wp-admin/admin-ajax.php with netgsm-related actions
  • Unexpected SMS sending activity in Netgsm logs

Network Indicators:

  • Unusual outbound SMS traffic patterns
  • Requests to Netgsm API endpoints from unauthorized IPs

SIEM Query:

source="wordpress.log" AND (uri_path="/wp-admin/admin-ajax.php") AND (action="*netgsm*") AND user="unauthenticated"
