CVE-2024-35743

8.6 HIGH

📋 TL;DR

This path traversal vulnerability in the Siteclean SC filechecker WordPress plugin lets an attacker reach files outside the directories the plugin is meant to operate on. It affects all versions up to and including 0.6 and can enable arbitrary file deletion on vulnerable WordPress installations.

💻 Affected Systems

Products:
  • Siteclean SC filechecker WordPress plugin
Versions: All versions up to and including 0.6
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the vulnerable plugin activated. No special configuration needed for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through deletion of critical system files, website defacement, or installation of backdoors leading to data theft and service disruption.

🟠

Likely Case

Website defacement, deletion of WordPress files causing site downtime, or manipulation of configuration files to gain administrative access.

🟢

If Mitigated

Limited impact with proper file permissions and web server restrictions, potentially only affecting non-critical files within the web directory.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Path traversal vulnerabilities are commonly exploited with simple HTTP requests. Public proof-of-concept exists in vulnerability databases.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 0.6 (check for updates)

Vendor Advisory: https://patchstack.com/database/vulnerability/wp-file-checker/wordpress-sc-filechecker-plugin-0-6-arbitrary-file-deletion-vulnerability

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the SC filechecker plugin.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and delete the plugin immediately.

🔧 Temporary Workarounds

Disable vulnerable plugin

Platform: all

Deactivate the SC filechecker plugin to prevent exploitation

wp plugin deactivate sc-filechecker

Restrict file permissions

Platform: linux

Set strict file permissions on web directory to limit damage

# files 644, directories 755; a bare glob would also set 644 on subdirectories and break them
find wp-content/plugins/sc-filechecker -type f -exec chmod 644 {} +
find wp-content/plugins/sc-filechecker -type d -exec chmod 755 {} +

🧯 If You Can't Patch

  • Deactivate and remove the SC filechecker plugin immediately
  • Implement web application firewall (WAF) rules to block path traversal patterns

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for SC filechecker version 0.6 or earlier

Check Version:

wp plugin get sc-filechecker --field=version

Verify Fix Applied:

Verify plugin is either updated to version after 0.6 or completely removed from plugins directory

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing '../' patterns to plugin endpoints
  • File deletion operations in web server logs
  • 404 errors for unexpected file paths

Network Indicators:

  • HTTP requests with path traversal sequences to /wp-content/plugins/sc-filechecker/

SIEM Query:

source="web_server" AND (uri="*../*" AND uri="*sc-filechecker*")
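The SIEM query above only matches a literal '../'. The following added example (not part of this advisory; endpoint and parameter names in the sample lines are placeholders, not the plugin's real ones) scans constructed web server access-log lines for traversal sequences aimed at the sc-filechecker plugin path, URL-decoding first so encoded forms such as %2e%2e%2f are caught too.

```python
import re
from urllib.parse import unquote

# Combined log format: ip ident user [ts] "METHOD uri PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)
PLUGIN_PATH = "/wp-content/plugins/sc-filechecker/"
# ".." as a whole path component, at the start of a path, after a separator or a query key
TRAVERSAL_RE = re.compile(r"(?:^|[/=&?])\.\.(?:/|$)")

def normalize(uri: str) -> str:
    """Repeatedly URL-decode (bounded) so %2e%2e%2f and %252e... collapse to '../'."""
    prev, cur = None, uri
    for _ in range(3):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur.replace("\\", "/")

def is_suspicious(uri: str) -> bool:
    """True when the request targets the plugin path and carries a traversal sequence."""
    norm = normalize(uri)
    return PLUGIN_PATH in norm and TRAVERSAL_RE.search(norm) is not None

def scan_log(lines):
    """Return (ip, uri, status) for every suspicious request in the log lines."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_suspicious(m.group("uri")):
            hits.append((m.group("ip"), m.group("uri"), int(m.group("status"))))
    return hits

SAMPLE_LOG = [  # constructed sample lines; endpoint/parameter names are placeholders
    '203.0.113.5 - - [10/Jun/2024:12:00:01 +0000] "GET /wp-content/plugins/sc-filechecker/style.css HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Jun/2024:12:00:02 +0000] "GET /wp-content/plugins/sc-filechecker/example-endpoint.php?target=../../../index.php HTTP/1.1" 200 0',
    '198.51.100.7 - - [10/Jun/2024:12:00:03 +0000] "GET /wp-content/plugins/sc-filechecker/example-endpoint.php?target=%2e%2e%2f%2e%2e%2findex.php HTTP/1.1" 404 0',
    '192.0.2.9 - - [10/Jun/2024:12:00:04 +0000] "GET /index.php?p=../../etc/passwd HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("suspicious:", hit)
```

The fourth sample line is a traversal attempt outside the plugin path and is deliberately not flagged, matching the scope of the SIEM query.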
