CVE-2024-35712
📋 TL;DR
This path traversal vulnerability in Jordy Meow's Database Cleaner: Clean, Optimize, Repair WordPress plugin lets an attacker read files on the server by supplying traversal sequences (`../`) in a file path the plugin handles. It affects every WordPress site running Database Cleaner 1.0.5 or earlier. Any file readable by the PHP worker is exposed, which on a WordPress host includes wp-config.php and the database credentials in it.
💻 Affected Systems
- WordPress Database Cleaner: Clean, Optimize, Repair plugin (slug `database-cleaner`), versions 1.0.5 and earlier
📦 What is this software?
Database Cleaner is a WordPress plugin by Jordy Meow (Meow Apps) that removes leftover data from the WordPress database and optimizes and repairs its tables. Like every plugin it runs inside the WordPress PHP process, so a path-handling bug in it can read whatever that process can read.
⚠️ Risk & Real-World Impact
Worst Case
Reading wp-config.php yields the database credentials and authentication salts. If the database is reachable from where the attacker sits, that is enough to create an administrator account or reset an existing one, and WordPress administrator access leads to PHP code execution through plugin or theme upload, so the realistic ceiling is full compromise of the site and any other data the PHP worker can read.
Likely Case
Unauthorized reading of sensitive files including configuration files, potentially exposing database credentials and other secrets.
If Mitigated
File permissions and PHP `open_basedir` only limit the read to files the PHP worker can already open. That set still contains wp-config.php, which PHP must be able to read, so hardening of this kind narrows the blast radius (no /etc or other vhosts) but does not remove the credential exposure; only updating or removing the plugin does.
🎯 Exploit Status
No public proof-of-concept is linked from this page. The flaw is a classic path traversal (CWE-22): exploitation consists of sending `../` sequences, raw or percent-encoded, in the affected file path parameter. The references above do not state the privilege level the vulnerable endpoint requires, so confirm it against the Patchstack advisory and its CVSS vector before treating this as reachable without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.6 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Database Cleaner plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 1.0.6 or later from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Disable the vulnerable plugin (all platforms)
Temporarily deactivate the Database Cleaner plugin until it can be updated. Deactivation stops WordPress from loading the plugin's code and registering its endpoints, but the plugin files stay on disk; deleting the plugin removes them as well and is the safer interim step if you cannot update promptly.
Web server path restrictions (Linux)
Configure the web server to reject traversal sequences in both the request path and the query string. Two caveats: in mod_rewrite, `%{REQUEST_URI}` and `%{QUERY_STRING}` are not percent-decoded, so encoded forms such as `%2e%2e` must be matched explicitly, and a parameter sent in a POST body cannot be inspected by these rules at all. This is a stopgap, not a fix.
# For Apache: add to .htaccess (mod_rewrite must be enabled)
RewriteEngine On
RewriteCond %{REQUEST_URI} (\.\./|\.\.\\|%2e%2e|%252e) [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|\.\.\\|%2e%2e|%252e) [NC]
RewriteRule .* - [F]
🧯 If You Can't Patch
- Remove or disable the Database Cleaner plugin immediately
- Constrain what the PHP worker can read (file permissions, PHP `open_basedir`) and add WAF rules that block traversal patterns in raw and percent-encoded form across path, query string and request body
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for Database Cleaner version. If version is 1.0.5 or earlier, you are vulnerable.
Check Version:
wp plugin list --name=database-cleaner --field=version
Verify Fix Applied:
Verify plugin version is 1.0.6 or later in WordPress admin panel.
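The version check above can be scripted for a fleet of sites. The following is an added example, not code from the plugin or the advisory; it assumes WP-CLI is installed and that GNU `sort -V` is available for version-aware ordering (the plugin slug `database-cleaner` and the `--field=version` option are real WP-CLI usage). Plain string comparison would misclassify a hypothetical 1.0.10 as older than 1.0.5, which is why the comparison goes through `sort -V`.

```bash
#!/usr/bin/env bash
# Added example (not from the plugin or the advisory): decide whether an
# installed Database Cleaner version falls in the affected range (<= 1.0.5).
# Requires GNU sort -V for version-aware ordering.

FIXED_VERSION="1.0.6"

# is_affected VERSION  -> exit 0 if VERSION is older than the fixed release.
# Lexical comparison gets this wrong (1.0.10 sorts before 1.0.5 as text), so
# the two versions are ordered with sort -V and we look at which comes first.
is_affected() {
  local installed="$1" oldest
  [ "$installed" = "$FIXED_VERSION" ] && return 1
  oldest=$(printf '%s\n%s\n' "$installed" "$FIXED_VERSION" | sort -V | head -n 1)
  [ "$oldest" = "$installed" ]
}

# check_site [WP_PATH] -> asks WP-CLI for the installed version and reports.
# Exit codes: 0 patched, 1 affected, 2 plugin absent or WP-CLI unavailable.
check_site() {
  local wp_path="${1:-.}" version
  if ! version=$(wp plugin get database-cleaner --path="$wp_path" --field=version 2>/dev/null); then
    echo "database-cleaner not installed at $wp_path (or WP-CLI missing)"
    return 2
  fi
  if is_affected "$version"; then
    echo "AFFECTED: database-cleaner $version is <= 1.0.5, update to $FIXED_VERSION or later"
    return 1
  fi
  echo "OK: database-cleaner $version"
}

# Usage, run from anywhere: check_site /var/www/html
```

Run `check_site` against each WordPress root; the non-zero exit codes make it easy to drive from a loop or a cron job and act only on the affected hosts.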
📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing '../' patterns to plugin endpoints
- On the host: the web server or PHP worker opening files outside the WordPress tree (auditd or inotify events, `open_basedir` violations in the PHP error log); the access log only records the request, not whether the read succeeded
Network Indicators:
- HTTP requests with path traversal sequences (../, ..\) to /wp-content/plugins/database-cleaner/
SIEM Query:
Splunk-style query; match on the decoded request target if your SIEM normalizes URLs, otherwise include the percent-encoded forms as shown:
source="web_logs" AND (uri="*../*" OR uri="*..\\*" OR uri="*%2e%2e*" OR uri="*%2E%2E*" OR uri="*%252e%252e*") AND uri="*database-cleaner*"
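The detection logic above, applied to raw access-log lines rather than a SIEM index, as an added example (not code from the plugin, Patchstack or the original page). It parses Apache/Nginx combined-format lines, percent-decodes the request target repeatedly to catch double encoding, folds backslashes into forward slashes, and flags requests that mention the plugin slug and carry a traversal sequence. Because the page does not name the vulnerable endpoint, scoping on the slug `database-cleaner` anywhere in the request is an assumption, and the file name `x.php`, the `file`/`path` parameters and the `action` value in the constructed sample log are hypothetical.

```python
"""
Flag path-traversal attempts aimed at the Database Cleaner plugin in
combined-format web access logs. Added example, not plugin or advisory code.
"""
import re
from urllib.parse import unquote

# Combined Log Format: client - user [timestamp] "METHOD target HTTP/x" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Matched against the decoded, slash-normalised request target.
TRAVERSAL_RE = re.compile(r'\.\./|\.\.$')

# ASSUMPTION: the vulnerable endpoint is not named on the advisory page, so we
# scope on the plugin slug appearing anywhere in the request (path or query).
PLUGIN_MARKER = 'database-cleaner'


def normalize(target: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (defeats double
    encoding) and turn backslashes into forward slashes so ..\\ and ../
    compare equal."""
    decoded = target
    for _ in range(max_rounds):
        again = unquote(decoded)
        if again == decoded:
            break
        decoded = again
    return decoded.replace('\\', '/')


def find_traversal_hits(log_lines):
    """Return one dict per request that targets the plugin and carries a
    traversal sequence after decoding. Lines that do not parse are skipped."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        target = normalize(m.group('target'))
        # Drop the PLUGIN_MARKER test to alert on traversal against any component.
        if PLUGIN_MARKER in target and TRAVERSAL_RE.search(target):
            hits.append({'ip': m.group('ip'), 'ts': m.group('ts'),
                         'status': int(m.group('status')), 'target': target})
    return hits


# Constructed sample log lines. x.php, the file/path parameters and the action
# value are hypothetical; they are not the plugin's real endpoint.
SAMPLE_LOG = [
    # benign static asset served from the plugin directory
    '198.51.100.5 - - [10/May/2024:10:01:02 +0000] "GET /wp-content/plugins/database-cleaner/app/index.js HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    # plain traversal in the query string
    '203.0.113.10 - - [10/May/2024:10:02:15 +0000] "GET /wp-content/plugins/database-cleaner/x.php?file=../../../wp-config.php HTTP/1.1" 200 3021 "-" "curl/8.4.0"',
    # percent-encoded traversal via admin-ajax
    '203.0.113.10 - - [10/May/2024:10:02:16 +0000] "GET /wp-admin/admin-ajax.php?action=database-cleaner&path=%2e%2e%2f%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 3021 "-" "curl/8.4.0"',
    # double-encoded traversal
    '203.0.113.10 - - [10/May/2024:10:02:17 +0000] "GET /wp-admin/admin-ajax.php?action=database-cleaner&path=%252e%252e%252fwp-config.php HTTP/1.1" 200 3021 "-" "curl/8.4.0"',
    # backslash variant, encoded
    '203.0.113.11 - - [10/May/2024:10:03:00 +0000] "GET /wp-content/plugins/database-cleaner/x.php?file=..%5c..%5cwp-config.php HTTP/1.1" 200 3021 "-" "python-requests/2.31"',
    # traversal against a different component: out of scope for this rule
    '192.0.2.7 - - [10/May/2024:10:04:00 +0000] "GET /index.php?page=../../etc/passwd HTTP/1.1" 404 210 "-" "curl/8.4.0"',
    # line that does not match the log format
    'garbage line left over from log rotation',
]

if __name__ == '__main__':
    for h in find_traversal_hits(SAMPLE_LOG):
        print(f"{h['ip']} {h['ts']} {h['status']} {h['target']}")
```

A 200 status on a flagged request is the signal to treat as a probable successful read and to rotate the database password and salts in wp-config.php; a 403 from the .htaccess rule above or a 404 is an attempt that was blocked. Feed the function with `open('/var/log/apache2/access.log')` in production.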
🔗 References
- https://patchstack.com/database/vulnerability/database-cleaner/wordpress-database-cleaner-clean-optimize-repair-plugin-1-0-5-arbitrary-file-read-vulnerability?_s_id=cve