CVE-2024-5031 – The MemberPress WordPress plugin contains a bli... (How to Fix)

Q: What is the severity of CVE-2024-5031?

CVE-2024-5031 has a CVSS score of 8.5 (HIGH). The MemberPress WordPress plugin contains a blind server-side request forgery (SSRF) vulnerability that allows authenticated attackers with Contributor-level access or higher to make arbitrary web requests from the vulnerable server. This can be used to query and potentially modify internal services that should not be publicly accessible. All WordPress sites using MemberPress versions up to 1.11.29 are affected.

📋 TL;DR

The MemberPress WordPress plugin contains a blind server-side request forgery (SSRF) vulnerability that allows authenticated attackers with Contributor-level access or higher to make arbitrary web requests from the vulnerable server. This can be used to query and potentially modify internal services that should not be publicly accessible. All WordPress sites using MemberPress versions up to 1.11.29 are affected.

💻 Affected Systems

Products:

MemberPress WordPress Plugin

Versions: All versions up to and including 1.11.29

Operating Systems: All operating systems running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress with MemberPress plugin installed and at least one user with Contributor role or higher.

📦 What is this software?

Memberpress by Caseproof

View all CVEs affecting Memberpress →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could access sensitive internal services, exfiltrate data from internal networks, or chain with other vulnerabilities to achieve remote code execution on internal systems.

🟠

Likely Case

Attackers with contributor access could probe internal networks, discover internal services, and potentially access metadata services or internal APIs that leak sensitive information.

🟢

If Mitigated

With proper network segmentation and authentication controls, impact is limited to information disclosure about internal network structure and services.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but is straightforward once authenticated. Contributor role is relatively easy to obtain in many WordPress installations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.11.30 or later

Vendor Advisory: https://memberpress.com/change-log/

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find MemberPress and click 'Update Now'. 4. Verify version is 1.11.30 or higher.

🔧 Temporary Workarounds

Disable 'mepr-user-file' shortcode

all

Remove or disable the vulnerable shortcode functionality

Add to theme's functions.php: remove_shortcode('mepr-user-file');

Restrict user roles

all

Remove Contributor role access or implement role-based access controls

Use WordPress role management plugins or custom code to restrict shortcode usage

🧯 If You Can't Patch

Implement network segmentation to restrict outbound connections from web servers
Deploy web application firewall (WAF) rules to block SSRF patterns

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for MemberPress version. If version is 1.11.29 or lower, system is vulnerable.

Check Version:

wp plugin list --name=memberpress --field=version

Verify Fix Applied:

After update, confirm MemberPress version is 1.11.30 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

Unusual outbound HTTP requests from web server to internal IPs
Multiple failed authentication attempts followed by successful Contributor login

Network Indicators:

Web server making requests to internal services (169.254.169.254, 10.x, 172.16.x, 192.168.x)
Unusual traffic patterns from web server to non-standard ports

SIEM Query:

source="web_server_logs" AND (dest_ip=10.* OR dest_ip=172.16.* OR dest_ip=192.168.* OR dest_ip=169.254.169.254) AND user_agent CONTAINS "WordPress"

📊 Metadata

CVE ID: CVE-2024-5031

CVSS v3 Score: 8.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

CWE: CWE-918

Published: May 22, 2024

Last Updated: January 31, 2025

🔗 References

https://memberpress.com/change-log/ Release Notes
https://www.wordfence.com/threat-intel/vulnerabilities/id/80064e3b-6996-49eb-a475-0ffe0e894f9e?source=cve Third Party Advisory
https://memberpress.com/change-log/ Release Notes
https://www.wordfence.com/threat-intel/vulnerabilities/id/80064e3b-6996-49eb-a475-0ffe0e894f9e?source=cve Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-5031, you might also want to check these: