CVE-2024-37420
📋 TL;DR
This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress sites using the Zita Elementor Site Library plugin. Attackers can achieve remote code execution and full server compromise. All WordPress sites running vulnerable versions of this plugin are affected.
💻 Affected Systems
- Zita Elementor Site Library WordPress Plugin
⚠️ Manual Verification Required
This CVE entry carries no affected-version range in our database, so automated detection cannot decide whether your install is affected.
Why? The NVD entry does not specify which versions are vulnerable (no version ranges provided by the vendor/NVD). The Patchstack advisory linked under Fix & Mitigation names 1.6.1 as the vulnerable release and 1.6.2 as the fix, so compare your installed version against that.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server takeover, data exfiltration, ransomware deployment, and use as pivot point for lateral movement.
Likely Case
Web shell upload leading to website defacement, credential theft, and malware distribution.
If Mitigated
Limited impact if the web server refuses to execute PHP under wp-content/uploads and a web application firewall blocks executable uploads: an uploaded web shell then cannot run, and the exposure is reduced to attacker-controlled files being stored on the server.
🎯 Exploit Status
Exploit requires no authentication and is trivial to execute with publicly available tools.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.6.2 or later
Vendor Advisory: https://patchstack.com/database/vulnerability/zita-site-library/wordpress-zita-elementor-site-library-plugin-1-6-1-arbitrary-code-execution-vulnerability
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find Zita Elementor Site Library.
4. Click 'Update Now' if available.
5. Alternatively, download version 1.6.2 or later from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Disable Plugin
Temporarily disable the vulnerable plugin until it is patched.
wp plugin deactivate zita-site-library
File Upload Restriction
Add web application firewall rules to block uploads of executable file types.
# Configure the WAF to reject uploads whose filename ends in .php, .phtml, .phar, .php5 or .php7, matching case-insensitively (a rule that only matches lowercase .php misses shell.PHP)
🧯 If You Can't Patch
- Remove plugin entirely if not essential
- Implement strict file upload validation at web server level
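The WAF rule above stops the upload at the edge; the server-level control below is the other half, refusing to execute a PHP file that lands under the uploads directory anyway. This is an added nginx example, not configuration from the page or the plugin vendor; it assumes a standard WordPress layout where uploads live under /wp-content/uploads/ (the page names wp-content/uploads/zita-site-library/ as the plugin's upload path, which this covers) and that PHP is handed to PHP-FPM by a separate `location ~ \.php` block.

```nginx
# Added example: deny execution of PHP-like files under wp-content/uploads.
# Place this inside the site's server {} block BEFORE the generic
# "location ~ \.php" block that proxies to PHP-FPM: among regex locations,
# nginx uses the first one that matches in configuration order.
# ~*  matches case-insensitively (shell.PHP, x.PhTmL)
# (/|$) also catches path-info tricks such as /uploads/shell.php/x.jpg,
#       which some fastcgi configs would otherwise pass to PHP.
location ~* ^/wp-content/uploads/.*\.(php|phtml|phar|php[0-9])(/|$) {
    return 403;
}
```

On Apache the equivalent is a `<Directory>` block for the uploads path that removes the PHP handler; either way, test the rule by requesting a harmless `.php` file you placed under uploads yourself and confirming you get 403 rather than executed output.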
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Zita Elementor Site Library version. If version is 1.6.1 or earlier, you are vulnerable.
Check Version:
wp plugin get zita-site-library --field=version
Verify Fix Applied:
Verify plugin version is 1.6.2 or later in WordPress admin panel.
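The version check and the "Disable Plugin" workaround above can be combined into one script that reads the installed version with WP-CLI and deactivates the plugin when it predates the fix. This is an added helper, not part of the plugin or of WP-CLI; it assumes WP-CLI is on PATH, the plugin slug is `zita-site-library` (as in the page's own commands), and the script is run from the WordPress root. The version comparison is written in plain POSIX sh rather than relying on `sort -V`.

```shell
#!/bin/sh
# Added helper (not part of the plugin or WP-CLI): compare the installed
# Zita Elementor Site Library version against the first fixed release the
# page lists (1.6.2) and, if vulnerable, deactivate the plugin with WP-CLI.
# Assumptions: WP-CLI on PATH, plugin slug zita-site-library, run from the
# WordPress root.

FIXED_VERSION="1.6.2"
PLUGIN_SLUG="zita-site-library"

# version_lt A B: exit 0 when A is an earlier release than B.
# Versions are compared field by field as dot-separated integers; missing
# fields count as 0 and any -suffix (e.g. 1.6.2-beta) is ignored, so a
# pre-release is treated as its base version.
version_lt() {
  a="${1%%-*}.0.0.0"
  b="${2%%-*}.0.0.0"
  i=1
  while [ "$i" -le 4 ]; do
    x=$(printf '%s' "$a" | cut -d. -f"$i" | tr -cd '0-9')
    y=$(printf '%s' "$b" | cut -d. -f"$i" | tr -cd '0-9')
    if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
    if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
    i=$((i + 1))
  done
  return 1
}

# zita_is_vulnerable VERSION: exit 0 if VERSION predates FIXED_VERSION.
zita_is_vulnerable() {
  version_lt "$1" "$FIXED_VERSION"
}

# remediate_site: read the installed version via WP-CLI and act on it.
# Exit codes: 0 = patched, 1 = vulnerable (plugin deactivated),
# 2 = plugin not installed or WP-CLI failed.
remediate_site() {
  installed=$(wp plugin get "$PLUGIN_SLUG" --field=version 2>/dev/null) || return 2
  if zita_is_vulnerable "$installed"; then
    printf '%s %s is vulnerable (fixed in %s); deactivating\n' \
      "$PLUGIN_SLUG" "$installed" "$FIXED_VERSION"
    wp plugin deactivate "$PLUGIN_SLUG"
    return 1
  fi
  printf '%s %s is at or above %s\n' "$PLUGIN_SLUG" "$installed" "$FIXED_VERSION"
  return 0
}

# Only touch a live site when invoked with --run, so the functions can be
# sourced and exercised without side effects.
if [ "${1:-}" = "--run" ]; then
  remediate_site
fi
```

Run it as `sh check-zita.sh --run` from the WordPress root; a non-zero exit code makes it easy to wire into a fleet-wide sweep over many installs.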
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to wp-content/uploads/zita-site-library/
- POST requests to /wp-admin/admin-ajax.php carrying multipart file uploads (admin-ajax.php is used by almost every plugin, so treat this as a correlation signal rather than an alert on its own)
- Execution of PHP files from upload directories
Network Indicators:
- HTTP POST requests with file uploads to plugin endpoints
- Unusual outbound connections from web server
SIEM Query (field names are illustrative; map them to your web-log schema and compare extensions case-insensitively):
source="web_server" AND uri_path="*admin-ajax.php*" AND method="POST" AND (file_extension="php" OR file_extension="phtml" OR file_extension="phar" OR file_extension="php5" OR file_extension="php7")
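The log indicators above can be turned into a concrete check that runs offline against a web server access log. This is an added example, not tooling from the page or the plugin vendor: it assumes the Combined Log Format (client IP in field 1, the request method and path in fields 6 and 7, status in field 9) and reports two things, any request for a PHP-like file under wp-content/uploads, and the upload-then-execute chain where the same IP first POSTed to admin-ajax.php. It also includes a filesystem hunt for PHP files already sitting under the uploads directory. The sample log lines are constructed for the example and use documentation IP ranges.

```shell
#!/bin/sh
# Added detection example (not from the page): apply the page's log
# indicators to an access log in Combined Log Format and hunt for PHP files
# under wp-content/uploads. Field positions assume the standard format:
# $1 client IP, $6 "METHOD, $7 path, $9 status.

# scan_access_log LOGFILE: print one line per suspicious request.
#   UPLOADS_PHP <ip> <status> <path>  a PHP-like file requested under uploads
#   CHAIN <ip> ...                    that IP had earlier POSTed to
#                                     admin-ajax.php (upload, then execute)
# Plain POSTs to admin-ajax.php are not reported alone: every WordPress site
# sees them constantly, so by themselves they are noise.
scan_access_log() {
  awk '
    {
      ip = $1
      method = substr($6, 2)              # drop the opening quote of "METHOD
      split($7, parts, "?")               # discard the query string
      path = tolower(parts[1])            # case-insensitive extension match
      status = $9
      if (method == "POST" && path ~ /\/wp-admin\/admin-ajax\.php$/)
        posted[ip] = 1
      if (path ~ /\/wp-content\/uploads\/.*\.(php|phtml|phar|php[0-9])$/) {
        printf "UPLOADS_PHP %s %s %s\n", ip, status, parts[1]
        if ((ip in posted) && !(ip in chained)) {
          chained[ip] = 1
          printf "CHAIN %s POSTed to admin-ajax.php, then requested PHP under uploads\n", ip
        }
      }
    }' "$1"
}

# hunt_php_under_uploads DIR: list files with executable PHP extensions
# below DIR (the uploads directory). -iname is GNU/BSD find, not strict POSIX.
hunt_php_under_uploads() {
  find "$1" -type f \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.phar' \
    -o -iname '*.php[0-9]' \) -print
}

# write_sample_log: constructed sample traffic (not real data) in
# documentation IP ranges; prints the path of the temp file it wrote.
write_sample_log() {
  f=$(mktemp)
  cat >"$f" <<'EOF'
203.0.113.5 - - [10/Jun/2024:12:00:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 57 "-" "python-requests/2.31"
203.0.113.5 - - [10/Jun/2024:12:00:03 +0000] "GET /wp-content/uploads/zita-site-library/shell.php?cmd=id HTTP/1.1" 200 1024 "-" "python-requests/2.31"
198.51.100.7 - - [10/Jun/2024:12:01:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 88 "https://example.test/wp-admin/" "Mozilla/5.0"
198.51.100.7 - - [10/Jun/2024:12:01:05 +0000] "GET /wp-content/uploads/2024/06/photo.jpg HTTP/1.1" 200 53211 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Jun/2024:12:02:10 +0000] "GET /wp-content/uploads/2024/06/x.PHTML HTTP/1.1" 403 162 "-" "curl/8.4.0"
EOF
  printf '%s\n' "$f"
}

# Usage: sh scan-zita.sh /var/log/nginx/access.log
if [ -n "${1:-}" ]; then
  scan_access_log "$1"
fi
```

On the constructed sample the script reports the shell.php request and the x.PHTML request (a 403 is still worth seeing: it shows someone is trying), and flags 203.0.113.5 as the one client that POSTed to admin-ajax.php before requesting PHP under uploads; the legitimate editor at 198.51.100.7 is not reported.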
🔗 References
- https://patchstack.com/database/vulnerability/zita-site-library/wordpress-zita-elementor-site-library-plugin-1-6-1-arbitrary-code-execution-vulnerability?_s_id=cve