CVE-2024-43261 – This vulnerability allows attackers to include ... (How to Fix)

📋 TL;DR

This vulnerability allows attackers to include remote PHP files through improper filename control in the Compute Links WordPress plugin. Attackers can execute arbitrary code on affected servers, potentially taking full control. All WordPress sites running Compute Links version 1.2.1 or earlier are affected.

💻 Affected Systems

Products:

WordPress Compute Links Plugin

Versions: n/a through 1.2.1

Operating Systems: Any OS running PHP

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress installation with Compute Links plugin active

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise leading to data theft, ransomware deployment, or website defacement

🟠

Likely Case

Unauthenticated remote code execution allowing backdoor installation and data exfiltration

🟢

If Mitigated

Limited impact if proper web application firewalls and file inclusion restrictions are in place

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Simple HTTP requests can trigger the vulnerability without authentication

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2.2 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/compute-links/wordpress-compute-links-plugin-1-2-1-remote-file-inclusion-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Navigate to Plugins > Installed Plugins
3. Find Compute Links plugin
4. Click 'Update Now' if update available
5. If no update, deactivate and delete plugin
6. Install latest version from WordPress repository

🔧 Temporary Workarounds

Disable PHP allow_url_include

all

Prevents PHP from including remote files via URL

php.ini: allow_url_include = Off

Web Application Firewall Rule

all

Block requests containing suspicious include/require parameters

🧯 If You Can't Patch

Immediately deactivate and remove the Compute Links plugin
Implement strict input validation and sanitization for all user-controlled file paths

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Compute Links version. If version is 1.2.1 or earlier, you are vulnerable.

Check Version:

wp plugin list --name=compute-links --field=version

Verify Fix Applied:

Verify plugin version is 1.2.2 or later in WordPress admin panel

📡 Detection & Monitoring

Log Indicators:

Unusual PHP include/require statements in web server logs
Requests with suspicious file parameters to Compute Links endpoints

Network Indicators:

HTTP requests containing remote URLs in file inclusion parameters
Unexpected outbound connections from web server

SIEM Query:

source="web_server_logs" AND ("include" OR "require") AND ("http://" OR "https://" OR "ftp://") AND "compute-links"

📊 Metadata

CVE ID: CVE-2024-43261

CVSS v3 Score: 9.6 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE: CWE-98

Published: August 19, 2024

Last Updated: August 19, 2024

🔗 References

https://patchstack.com/database/vulnerability/compute-links/wordpress-compute-links-plugin-1-2-1-remote-file-inclusion-vulnerability?_s_id=cve

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-43261, you might also want to check these: