CVE-2024-37520
📋 TL;DR
This path traversal vulnerability in the ShopBuilder WordPress plugin allows attackers to access files outside the intended directory. It affects WordPress sites using ShopBuilder – Elementor WooCommerce Builder Addons plugin versions up to 2.1.12. Attackers could potentially read sensitive server files.
💻 Affected Systems
- ShopBuilder – Elementor WooCommerce Builder Addons
📦 What is this software?
Shopbuilder by Radiustheme
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through reading sensitive configuration files (like wp-config.php) containing database credentials, potentially leading to complete site takeover.
Likely Case
Unauthorized reading of sensitive files containing configuration data, user information, or other restricted content.
If Mitigated
Limited impact if proper file permissions and web server restrictions prevent access to sensitive files.
🎯 Exploit Status
Path traversal vulnerabilities are typically easy to exploit with publicly available tools and techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.1.13 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'ShopBuilder – Elementor WooCommerce Builder Addons'.
4. Click 'Update Now' if available.
5. Alternatively, download version 2.1.13+ from the WordPress repository and update manually.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the ShopBuilder plugin until it is patched
wp plugin deactivate shopbuilder
Web server path restriction
Configure the web server to reject requests that carry directory traversal sequences in the path or query string (this is a coarse filter and may also block legitimate requests containing "..", so test it before deploying)
# For Apache: add to .htaccess. THE_REQUEST is the raw request line (method,
# path and query string, not URL-decoded), so the pattern covers both the
# literal ../ form and the percent-encoded %2e%2e%2f form. REQUEST_URI alone
# would not include the query string, where a file parameter would be passed.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{THE_REQUEST} (\.|%2e){2}(/|%2f) [NC]
RewriteRule .* - [F]
</IfModule>
# For Nginx: add to the server block. $request_uri is the raw request line
# (path plus query, not decoded); a "location" regex only sees the normalized
# path, where ../ has already been collapsed and the query string is absent.
if ($request_uri ~* "(\.|%2e){2}(/|%2f)") {
    return 403;
}
🧯 If You Can't Patch
- Remove the plugin entirely if not essential for site functionality
- Implement web application firewall (WAF) rules to block path traversal patterns
🔍 How to Verify
Check if Vulnerable:
Check the WordPress admin panel → Plugins → Installed Plugins for the ShopBuilder version. If the version is 2.1.12 or earlier, the site is vulnerable.
Check Version:
wp plugin get shopbuilder --field=version
Verify Fix Applied:
Verify that the plugin version is 2.1.13 or later in the WordPress admin panel. Test requests containing traversal sequences should return 403/404 errors.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing '../' or '..\' patterns
- Requests to unexpected file paths in plugin directories
- 403/404 errors for traversal attempts if blocked
Network Indicators:
- Unusual file access patterns to sensitive paths
- Requests with encoded traversal sequences (%2e%2e%2f)
SIEM Query:
web_access_logs WHERE (url CONTAINS '../' OR url CONTAINS '..\' OR url CONTAINS '%2e%2e%2f') AND url CONTAINS 'shopbuilder'
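As an added example (not from this advisory or from Patchstack), the log indicators above checked over constructed access-log lines in Python; it goes beyond the SIEM query by percent-decoding URLs so single- and double-encoded traversal sequences are caught, and it labels which hits target the shopbuilder plugin path and which were already blocked. The script name and "file" parameter in the sample lines are placeholders, since the advisory does not name the vulnerable endpoint.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in combined log format (not real traffic). The script
# name and "file" parameter are placeholders: the advisory only gives the plugin
# slug "shopbuilder", not the vulnerable endpoint.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2024:12:00:01 +0000] "GET /wp-content/plugins/shopbuilder/assets/style.css HTTP/1.1" 200 1234
203.0.113.7 - - [10/Jun/2024:12:00:02 +0000] "GET /wp-content/plugins/shopbuilder/PLACEHOLDER.php?file=../../../../wp-config.php HTTP/1.1" 200 3456
203.0.113.8 - - [10/Jun/2024:12:00:03 +0000] "GET /wp-content/plugins/shopbuilder/PLACEHOLDER.php?file=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 403 199
203.0.113.9 - - [10/Jun/2024:12:00:04 +0000] "GET /wp-content/plugins/shopbuilder/PLACEHOLDER.php?file=%252e%252e%252fetc/passwd HTTP/1.1" 404 150
198.51.100.2 - - [10/Jun/2024:12:00:05 +0000] "GET /index.php?p=..\\secret HTTP/1.1" 200 500
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+) [^"]*" (?P<status>\d{3}) '
)
TRAVERSAL_RE = re.compile(r'\.\./|\.\.\\')  # literal ../ or ..\ after decoding

def normalize(url, max_rounds=3):
    """Percent-decode repeatedly so %2e%2e%2f and %252e%252e%252f both become ../."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url

def classify(line):
    """Return a finding for a log line carrying a traversal sequence, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    raw = m.group('url')
    decoded = normalize(raw)
    if not TRAVERSAL_RE.search(decoded):
        return None
    status = int(m.group('status'))
    return {
        'ip': m.group('ip'),
        'url': raw,
        'status': status,
        'encoded': decoded != raw,  # only visible after decoding; CONTAINS '../' misses it
        'shopbuilder': '/plugins/shopbuilder/' in decoded.lower(),
        'blocked': status in (403, 404),  # a 200 on a shopbuilder hit is triaged first
    }

def scan(log_text):
    """Findings for every line of an access log, in file order."""
    return [f for f in map(classify, log_text.splitlines()) if f]
```

Hits with shopbuilder set and blocked unset (a 200 response to a traversal request against the plugin path) are the ones to investigate first.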
🔗 References
- https://patchstack.com/database/vulnerability/shopbuilder/wordpress-shopbuilder-elementor-woocommerce-builder-addons-plugin-2-1-12-local-file-inclusion-vulnerability?_s_id=cve