CVE-2024-49701

7.5 HIGH

📋 TL;DR

This is a local file inclusion (LFI) flaw in the Mags WordPress theme by Theme Horse: a request parameter that controls which file the theme includes is not adequately validated, so an attacker can make the server include and execute PHP files of their choosing from the local filesystem. By itself that exposes local files such as wp-config.php; it becomes remote code execution once the attacker can place PHP code anywhere the web server can read (an upload, a log file, a session file) and then include it. All WordPress installations running Mags versions up to and including 1.1.6 are affected.

💻 Affected Systems

Products:
  • WordPress Mags Theme by Theme Horse
Versions: all releases up to and including 1.1.6
Operating Systems: All platforms running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a WordPress installation with the Mags theme installed; update or delete inactive copies as well, since their PHP files remain on disk. Enabling allow_url_include in the PHP configuration raises the impact, because it lets the same include pull attacker-hosted code over HTTP instead of only local files.

📦 What is this software?

Mags is a WordPress theme developed by Theme Horse (see Affected Systems above).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise leading to data theft, malware deployment, and website defacement through remote code execution.

🟠 Likely Case

Website takeover, backdoor installation, and credential harvesting from the WordPress database (the database credentials sit in wp-config.php, which is readable through the inclusion).

🟢 If Mitigated

Limited impact when PHP's open_basedir confines includes to the site's own directories, upload directories are served without PHP execution, and the web server user cannot write to theme or plugin directories: the attacker can still read files under the document root but has no reliable place to plant code to execute.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires minimal technical skill. Public proof-of-concept demonstrates file inclusion via manipulated parameters.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.1.7 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/mags/wordpress-mags-theme-1-1-6-local-file-inclusion-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Appearance > Themes.
3. Update the Mags theme to version 1.1.7 or later.
4. Clear the WordPress cache if a caching plugin is in use.

🔧 Temporary Workarounds

Disable allow_url_include (all platforms)

Prevents PHP from including remote files through URL stream wrappers (http://, ftp://), which stops this flaw from being turned into remote file inclusion. Note the limits: the setting is Off by default and has been deprecated since PHP 7.4, and it does nothing against inclusion of files already on the server, which is what this CVE is.

php.ini: allow_url_include = Off

Web Application Firewall Rule (all platforms)

Block requests whose parameters carry traversal sequences or stream wrappers before they reach the theme. Match after URL-decoding, or the rule is bypassed with %2e%2e%2f and double encoding, and cover php:// and data:// as well as http://. This is a stopgap that narrows exposure; it does not fix the include.

WAF rule: Block requests with '..' (including encoded forms such as %2e%2e) or 'http://', 'https://', 'php://', 'data://' in file parameters

🧯 If You Can't Patch

  • Switch to a different WordPress theme immediately and delete the Mags theme directory from wp-content/themes, since an installed but inactive theme keeps its PHP files reachable on disk
  • Restrict what PHP can read and execute: set open_basedir to the site's document root and temp directory, deny PHP execution in wp-content/uploads at the web server, and ensure the web server user has no write access to theme or plugin directories

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Appearance > Themes for Mags theme version 1.1.6 or earlier

Check Version:

wp theme list --fields=name,version,status | grep -i mags

(WP-CLI's `--field` takes a single column; `--fields` takes the comma-separated list. Alternatively: `wp theme get mags --field=version`.)

Verify Fix Applied:

Confirm Mags theme version is 1.1.7 or later in WordPress admin
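For checking many sites without WP-CLI, the version can be read straight from the theme header in wp-content/themes/mags/style.css, which is where WordPress itself takes it from. The following script is an added example, not the advisory's or the vendor's tooling; the sample style.css content is constructed and its Theme URI is a placeholder. It also covers the child-theme case, where the child's style.css reports the child's own version and says nothing about the parent.

```python
"""Added example, not the advisory's own tooling: decide from a theme's
style.css header whether the installed Mags release is in the affected range
(all versions through 1.1.6, fixed in 1.1.7), the way WordPress itself reads a
theme's version."""
from __future__ import annotations
import re

THEME_SLUG = "mags"      # theme name from the advisory
FIXED_VERSION = "1.1.7"  # first fixed release per the advisory


def parse_theme_header(style_css: str) -> dict[str, str]:
    """Read the 'Key: Value' lines of the header comment at the top of style.css."""
    fields: dict[str, str] = {}
    comment = re.search(r"/\*(.*?)\*/", style_css, re.DOTALL)
    if not comment:
        return fields
    for line in comment.group(1).splitlines():
        kv = re.match(r"\s*([A-Za-z][A-Za-z ]*?)\s*:\s*(.*?)\s*$", line)
        if kv:
            fields[kv.group(1)] = kv.group(2)
    return fields


def version_tuple(version: str) -> tuple[int, ...]:
    """Numeric comparison so that 1.1.10 sorts after 1.1.7 (string order would not)."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def is_vulnerable(style_css: str) -> bool | None:
    """True if this is Mags below the fixed version, False if it is Mags at or above
    it, None if the header is not Mags, is a child theme, or has no version."""
    hdr = parse_theme_header(style_css)
    # A child theme declares "Template: mags" and carries its own version, which says
    # nothing about the parent; check the parent theme's style.css instead.
    if hdr.get("Template", "").lower() == THEME_SLUG:
        return None
    if hdr.get("Theme Name", "").lower() != THEME_SLUG:
        return None
    version = hdr.get("Version")
    if not version:
        return None
    return version_tuple(version) < version_tuple(FIXED_VERSION)


# Constructed sample header in the WordPress theme-header format; the URI is a placeholder.
SAMPLE_STYLE_CSS = """/*
Theme Name: Mags
Theme URI: https://example.invalid/mags
Author: Theme Horse
Version: 1.1.6
Text Domain: mags
*/
body { margin: 0; }
"""

if __name__ == "__main__":
    print("vulnerable" if is_vulnerable(SAMPLE_STYLE_CSS) else "not vulnerable")
```

Point it at each site's wp-content/themes/mags/style.css; a None result for a "Mags Child" header means the parent directory still has to be checked.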

📡 Detection & Monitoring

Log Indicators:

  • PHP warnings in the error log from the theme's files naming unexpected paths, e.g. "include(): Failed opening '...' for inclusion" or "failed to open stream" for targets such as /etc/passwd or wp-config.php
  • Requests to the theme's path whose parameters contain '..' (literal or percent-encoded), stream wrappers such as php://, data:// or http://, or sensitive filenames

Network Indicators:

  • HTTP requests with suspicious file paths in query parameters
  • Unexpected outbound connections from web server

SIEM Query:

source="web_logs" AND uri="*/wp-content/themes/mags/*" AND (uri="*..*" OR uri="*%2e%2e*" OR uri="*http://*" OR uri="*https://*" OR uri="*php://*" OR uri="*data://*")

Do not restrict the query to a WordPress user agent: exploitation traffic comes from the attacker's client (curl, a browser, a scanner), so a user_agent="*WordPress*" condition would discard most of the hits. Drop the theme-path condition if the theme's files may be reached through other URLs in your deployment.
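The matching logic behind the WAF rule and the SIEM query above, as an added example that is not part of the advisory: it parses constructed Apache combined-format access log lines, URL-decodes each query parameter repeatedly so encoded and double-encoded traversal is caught, and flags traversal, stream wrappers and sensitive filenames. The theme path is assumed from the theme slug and "example.php" is a placeholder script name, since the advisory names neither the vulnerable file nor the parameter.

```python
"""Added example, not from the advisory: flag HTTP requests that look like
file-inclusion attempts against a WordPress theme, applied to constructed
Apache combined-format access log lines."""
from __future__ import annotations
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumed deployment path of the theme (slug "mags"); adjust to the real install.
THEME_PATH = "/wp-content/themes/mags/"

# Apache "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Indicators are matched after full percent-decoding, so "%2e%2e%2f" and
# double-encoded "%252e%252e" are caught as well as a literal "..".
TRAVERSAL = re.compile(r"\.\.(?:[\\/]|$)")
WRAPPER = re.compile(r"^(?:https?|ftp|php|data|phar|expect|file|zip)://", re.IGNORECASE)
SENSITIVE = re.compile(r"/etc/passwd|wp-config\.php|/proc/self/environ", re.IGNORECASE)


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode until the value stops changing (bounded to avoid loops)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inclusion_indicators(uri: str) -> list[str]:
    """Return the reasons a request URI looks like a file-inclusion attempt.

    The advisory does not name the vulnerable parameter, so every query
    parameter is inspected rather than one hard-coded key."""
    parts = urlsplit(uri)
    reasons: list[str] = []
    for key, raw in parse_qsl(parts.query, keep_blank_values=True):
        val = decode_fully(raw).replace("\x00", "")  # strip null-byte truncation tricks
        if TRAVERSAL.search(val):
            reasons.append(f"traversal in {key}")
        if WRAPPER.match(val):
            reasons.append(f"stream wrapper in {key}")
        if SENSITIVE.search(val):
            reasons.append(f"sensitive path in {key}")
    if TRAVERSAL.search(decode_fully(parts.path)):
        reasons.append("traversal in path")
    return reasons


def scan_access_log(lines: list[str], theme_path: str = THEME_PATH) -> list[dict]:
    """Parse combined-format lines and return those carrying inclusion indicators,
    tagging whether the request targeted the theme directory."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than guess
        rec = m.groupdict()
        reasons = inclusion_indicators(rec["uri"])
        if reasons:
            rec["reasons"] = reasons
            rec["in_theme"] = rec["uri"].startswith(theme_path)
            hits.append(rec)
    return hits


# Constructed sample lines; "example.php" is a placeholder, not the real vulnerable file.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2024:12:00:01 +0000] "GET /?p=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2024:12:00:02 +0000] "GET /wp-content/themes/mags/example.php?file=../../../../wp-config.php HTTP/1.1" 200 2048 "-" "curl/8.4.0"',
    '198.51.100.7 - - [10/Oct/2024:12:00:03 +0000] "GET /wp-content/themes/mags/example.php?file=..%252f..%252fetc%252fpasswd HTTP/1.1" 200 1024 "-" "curl/8.4.0"',
    '198.51.100.7 - - [10/Oct/2024:12:00:04 +0000] "GET /wp-content/themes/mags/example.php?file=php://filter/convert.base64-encode/resource=wp-config.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2024:12:00:05 +0000] "GET /?s=wait...+what HTTP/1.1" 200 3000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit["ip"], hit["uri"], hit["reasons"], "theme" if hit["in_theme"] else "other")
```

The three attacker lines are flagged and the benign search containing "..." is not; the php://filter case matters because it reads source (wp-config.php, with the database credentials) without executing it, so a rule that only looks for ".." misses it.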
