CVE-2024-37940
📋 TL;DR
This CSRF vulnerability in the Seraphinite Accelerator WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions, specifically arbitrary file deletion. It affects all versions up to 2.21.13 of the premium plugin. WordPress sites using this plugin are vulnerable if administrators visit malicious pages while logged in.
💻 Affected Systems
- Seraphinite Solutions Seraphinite Accelerator (Full, premium)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete website compromise through deletion of critical WordPress files, leading to site unavailability, data loss, and potential privilege escalation.
Likely Case
Partial website disruption through deletion of theme/plugin files, causing broken functionality and requiring restoration from backups.
If Mitigated
No impact if proper CSRF protections are implemented or administrators avoid suspicious links while authenticated.
🎯 Exploit Status
CSRF attacks are well-understood and easy to weaponize. Requires social engineering to trick administrators.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 2.21.13
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Seraphinite Accelerator (Full, premium).
4. Click 'Update Now' if available.
5. Alternatively, download the latest version from the vendor and upload it via FTP.
🔧 Temporary Workarounds
CSRF Protection via WordPress Nonces
Implement custom nonce verification for plugin actions
Add wp_nonce_field() and wp_verify_nonce() checks to plugin forms and actions
Disable Plugin
Temporarily disable the vulnerable plugin until patched
Navigate to WordPress Plugins → Installed Plugins → Deactivate Seraphinite Accelerator
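The nonce workaround above, as an added example that is not Seraphinite code: a hypothetical admin-post handler that deletes a cached file, shown first without a CSRF check and then hardened with check_admin_referer() (which calls wp_verify_nonce() internally), a capability check and a path pinned to the cache directory. Hook names, the nonce action, the option page slug and the cache directory are assumptions.

```php
<?php
// Added example, not plugin code. Names starting with "hypo_" are assumptions.

// 1) Vulnerable pattern: the handler trusts any request arriving with the
//    administrator's cookies, so a form submitted by another site while the
//    admin is logged in is honoured.
function hypo_delete_cache_file_unsafe() {
    $file = sanitize_file_name( wp_unslash( $_POST['file'] ?? '' ) );
    @unlink( WP_CONTENT_DIR . '/cache/hypo/' . $file );   // no nonce, no capability check
    wp_safe_redirect( admin_url( 'options-general.php?page=hypo' ) );
    exit;
}

// 2) Hardened pattern: nonce bound to the action and the user, explicit
//    capability check, and the target resolved inside the cache directory.
function hypo_delete_cache_file_safe() {
    // Stops with a 403 "link expired" page when the _wpnonce field is missing,
    // forged or stale; a nonce is tied to the user's session, so a third-party
    // page cannot supply a valid one.
    check_admin_referer( 'hypo_delete_cache_file' );   // assumed nonce action name
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'hypo' ), '', array( 'response' => 403 ) );
    }
    $cache_dir = realpath( WP_CONTENT_DIR . '/cache/hypo' );
    $target    = realpath( $cache_dir . '/' . basename( wp_unslash( $_POST['file'] ?? '' ) ) );
    // Only delete a regular file whose resolved path lies inside the cache directory.
    if ( $cache_dir && $target && is_file( $target )
        && 0 === strpos( $target, $cache_dir . DIRECTORY_SEPARATOR ) ) {
        wp_delete_file( $target );
    }
    wp_safe_redirect( admin_url( 'options-general.php?page=hypo' ) );
    exit;
}
add_action( 'admin_post_hypo_delete_cache_file', 'hypo_delete_cache_file_safe' );

// 3) The legitimate form carries the matching nonce via wp_nonce_field().
function hypo_render_delete_form( $file ) {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="hypo_delete_cache_file">
        <input type="hidden" name="file" value="<?php echo esc_attr( $file ); ?>">
        <?php wp_nonce_field( 'hypo_delete_cache_file' ); ?>
        <?php submit_button( 'Delete cached file', 'delete', 'submit', false ); ?>
    </form>
    <?php
}
```

For handlers reached through admin-ajax.php the equivalent guard is check_ajax_referer(). A nonce check proves the request came from a page this site rendered for this user; it does not replace the current_user_can() check.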
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block CSRF attempts
- Educate administrators to log out of WordPress when not actively managing the site
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Seraphinite Accelerator version. If the version is 2.21.13 or lower, you are vulnerable.
Check Version:
WordPress: Check the Plugins page or use wp plugin list --field=version --name=seraphinite-accelerator-ext
Verify Fix Applied:
Verify plugin version is higher than 2.21.13 in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Multiple file deletion requests from same administrator session
- POST requests to plugin endpoints without referrer headers
Network Indicators:
- Unusual file deletion patterns via WordPress XML-RPC or admin-ajax.php
SIEM Query:
source="wordpress.log" AND ("wp-content/plugins/seraphinite-accelerator" AND "delete")
🔗 References
- https://patchstack.com/database/vulnerability/seraphinite-accelerator-ext/wordpress-seraphinite-accelerator-full-premium-plugin-2-21-13-csrf-leading-to-arbitrary-file-deletion-vulnerability?_s_id=cve