CVE-2024-35728

5.3 MEDIUM

📋 TL;DR

This CVE describes a code injection vulnerability in the PPOM for WooCommerce WordPress plugin. Attackers can inject malicious code that gets executed by downstream components, potentially leading to arbitrary code execution. All WordPress sites using vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:
  • PPOM for WooCommerce (WordPress plugin)
Versions: All versions up to and including 32.0.20
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WooCommerce to be installed and PPOM plugin active. WordPress multisite installations may also be affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete site compromise, data theft, malware installation, or site defacement.

🟠 Likely Case

Content injection leading to site defacement, SEO spam injection, or limited code execution within the WordPress context.

🟢 If Mitigated

No impact if the plugin is patched or disabled, or if input validation prevents exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Injection vulnerabilities in WordPress plugins are frequently exploited. While no public PoC is confirmed, similar vulnerabilities are often weaponized quickly.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 32.0.21 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/woocommerce-product-addon/wordpress-product-addons-fields-for-woocommerce-plugin-32-0-20-content-injection-vulnerability

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'PPOM for WooCommerce'.
4. Click 'Update Now' if available.
5. Alternatively, download version 32.0.21+ from WordPress.org and update manually.

🔧 Temporary Workarounds

Disable PPOM Plugin

all

Temporarily disable the vulnerable plugin until patched.

wp plugin deactivate woocommerce-product-addon

Restrict User Access

all

Limit plugin management to trusted administrators only.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block injection attempts
  • Disable the PPOM plugin entirely and use alternative WooCommerce addon solutions

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for the PPOM for WooCommerce version. If the version is 32.0.20 or lower, you are vulnerable.

Check Version:

wp plugin get woocommerce-product-addon --field=version

Verify Fix Applied:

After updating, verify that the plugin version shows 32.0.21 or higher in the WordPress admin panel.
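As an added example that is not part of this advisory or of the PPOM plugin, a small POSIX shell helper that compares the version returned by the WP-CLI command above against the first patched release numerically rather than as a string (a string comparison would wrongly treat 32.0.9 as newer than 32.0.20); the function names are my own.

```shell
#!/bin/sh
# Added example, not part of the advisory or the PPOM plugin.
# Decides whether an installed PPOM for WooCommerce version is in the
# affected range (everything up to and including 32.0.20).

FIXED_VERSION="32.0.21"   # first patched release named in the advisory

# version_lt A B: exit 0 if A < B, 1 otherwise.
# Dotted components are compared numerically, so 32.0.9 < 32.0.20.
# A missing component counts as 0 and a trailing suffix such as "-beta"
# is dropped by awk's numeric conversion (x[i] + 0).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        len = (n > m) ? n : m
        for (i = 1; i <= len; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1
    }'
}

# ppom_is_vulnerable VERSION: exit 0 if VERSION is affected, 1 if patched.
ppom_is_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# check_site: reads the installed version with the WP-CLI command the
# advisory gives and prints a verdict. Run it from the WordPress root;
# exit 0 = affected, 1 = patched, 2 = WP-CLI could not read the version.
check_site() {
    v=$(wp plugin get woocommerce-product-addon --field=version) || return 2
    if ppom_is_vulnerable "$v"; then
        echo "PPOM for WooCommerce $v is affected; update to $FIXED_VERSION or later"
        return 0
    fi
    echo "PPOM for WooCommerce $v is not affected"
    return 1
}
```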

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to PPOM-related endpoints
  • Unexpected file modifications in wp-content/plugins/woocommerce-product-addon

Network Indicators:

  • HTTP requests containing suspicious injection payloads to PPOM endpoints

SIEM Query:

source="wordpress.log" AND ("PPOM" OR "woocommerce-product-addon") AND ("injection" OR "eval" OR "base64_decode")
