CVE-2024-50487 – This CVE describes an authentication bypass vul... (How to Fix)

Q: What is the severity of CVE-2024-50487?

CVE-2024-50487 has a CVSS score of 9.8 (CRITICAL). This CVE describes an authentication bypass vulnerability in the MaanStore API WordPress plugin that allows attackers to gain unauthorized access without valid credentials. It affects all WordPress sites running MaanStore API plugin versions up to and including 1.0.1. Attackers can potentially take over user accounts or gain administrative privileges.

📋 TL;DR

This CVE describes an authentication bypass vulnerability in the MaanStore API WordPress plugin that allows attackers to gain unauthorized access without valid credentials. It affects all WordPress sites running MaanStore API plugin versions up to and including 1.0.1. Attackers can potentially take over user accounts or gain administrative privileges.

💻 Affected Systems

Products:

WordPress MaanStore API Plugin

Versions: n/a through 1.0.1

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: All WordPress installations with the vulnerable plugin version are affected regardless of configuration.

📦 What is this software?

Maanstore Api by Maantheme

View all CVEs affecting Maanstore Api →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete site compromise with administrative access, data theft, malware injection, and defacement.

🟠

Likely Case

Unauthorized access to user accounts, privilege escalation, and potential data exfiltration.

🟢

If Mitigated

Limited impact with proper network segmentation, strong authentication controls, and monitoring.

🌐 Internet-Facing: HIGH - WordPress plugins are typically internet-facing and this allows unauthenticated bypass.

🏢 Internal Only: MEDIUM - Internal systems could still be vulnerable if the plugin is installed internally.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Authentication bypass vulnerabilities typically have low exploitation complexity and are often weaponized quickly.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 1.0.1

Vendor Advisory: https://patchstack.com/database/vulnerability/maanstore-api/wordpress-maanstore-api-plugin-1-0-1-account-takeover-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find MaanStore API plugin. 4. Check for updates or remove if no update available. 5. Update to latest version or disable plugin.

🔧 Temporary Workarounds

Disable MaanStore API Plugin

all

Temporarily disable the vulnerable plugin until patched version is available.

wp plugin deactivate maanstore-api

Restrict API Access

linux

Use web application firewall or .htaccess to restrict access to plugin endpoints.

# Add to .htaccess: RewriteRule ^wp-content/plugins/maanstore-api/ - [F,L]

🧯 If You Can't Patch

Implement strict network access controls to limit who can reach the WordPress instance
Enable detailed logging and monitoring for authentication attempts and API access patterns

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → MaanStore API version. If version is 1.0.1 or earlier, you are vulnerable.

Check Version:

wp plugin get maanstore-api --field=version

Verify Fix Applied:

Verify plugin version is higher than 1.0.1 and test authentication functionality.

📡 Detection & Monitoring

Log Indicators:

Unusual authentication patterns
API requests to maanstore-api endpoints without proper authentication
Multiple failed login attempts followed by successful access

Network Indicators:

HTTP requests to /wp-content/plugins/maanstore-api/ endpoints with suspicious parameters
Traffic patterns indicating authentication bypass

SIEM Query:

source="wordpress.log" AND ("maanstore-api" OR "authentication bypass") AND (status=200 OR status=302)

📊 Metadata

CVE ID: CVE-2024-50487

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-288

Published: October 28, 2024

Last Updated: October 31, 2024

🔗 References

https://patchstack.com/database/vulnerability/maanstore-api/wordpress-maanstore-api-plugin-1-0-1-account-takeover-vulnerability?_s_id=cve Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-50487, you might also want to check these: