CVE-2024-47645
📋 TL;DR
This vulnerability allows attackers to perform path traversal attacks in the WordPress WPOptin plugin, enabling local file inclusion of PHP files. Attackers can potentially read sensitive files or execute arbitrary code on affected WordPress sites. All WordPress installations using WPOptin plugin versions up to 2.0.1 are vulnerable.
💻 Affected Systems
- WordPress WPOptin plugin (Top Bar – PopUps – by WPOptin)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data theft, and website defacement.
Likely Case
Sensitive file disclosure including configuration files, database credentials, and user data.
If Mitigated
Limited impact with proper file permissions and web application firewalls blocking traversal attempts.
🎯 Exploit Status
Path traversal vulnerabilities are commonly exploited and require minimal technical skill.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.2 or later
Vendor Advisory: https://patchstack.com/database/vulnerability/wpoptin/wordpress-wpoptin-plugin-2-0-1-local-file-inclusion-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Top Bar – PopUps – by WPOptin'. 4. Click 'Update Now' if available. 5. If no update appears, manually download version 2.0.2+ from WordPress.org and replace plugin files.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily deactivate the WPOptin plugin until patched.
wp plugin deactivate wpoptin
Web Application Firewall rule
allBlock path traversal patterns in requests.
Add WAF rule: deny requests containing '../' or '..\' patterns
🧯 If You Can't Patch
- Remove the WPOptin plugin completely and use alternative popup solutions.
- Implement strict file permissions (644 for files, 755 for directories) and disable PHP execution in upload directories.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for WPOptin version ≤2.0.1.Check Version:
wp plugin get wpoptin --field=versionVerify Fix Applied:
Confirm plugin version is 2.0.2 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing '../' patterns to wpoptin plugin endpoints
- Unusual file access attempts in WordPress uploads directory
Network Indicators:
- HTTP requests with path traversal sequences (../, ..\) to /wp-content/plugins/wpoptin/
SIEM Query:
source="web_logs" AND uri="*wpoptin*" AND (uri="*../*" OR uri="*..\\*")