CVE-2024-50498
📋 TL;DR
CVE-2024-50498 is a critical code injection vulnerability in the LUBUS WP Query Console WordPress plugin that allows unauthenticated remote code execution. Attackers can execute arbitrary code on affected WordPress sites, potentially taking full control. All WordPress installations using WP Query Console version 1.0 or earlier are affected.
💻 Affected Systems
- LUBUS WP Query Console WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise allowing attackers to install backdoors, steal sensitive data, deface websites, pivot to internal networks, and use the server for further attacks.
Likely Case
Website defacement, data theft, cryptocurrency mining, or ransomware deployment on vulnerable WordPress sites.
If Mitigated
No impact if the plugin is removed or patched before exploitation attempts.
🎯 Exploit Status
Public exploit code is available on GitHub, making this easily weaponizable by attackers with minimal technical skill.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: N/A
Vendor Advisory: https://patchstack.com/database/vulnerability/wp-query-console/wordpress-wp-query-console-plugin-1-0-remote-code-execution-rce-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Immediately deactivate and delete the WP Query Console plugin from the WordPress admin panel.
2. Check for any signs of compromise.
3. Monitor for an official patch from the vendor.
🔧 Temporary Workarounds
Immediate Plugin Removal
Deactivate and delete the vulnerable WP Query Console plugin
wp plugin deactivate wp-query-console
wp plugin delete wp-query-console
Web Application Firewall Rule
Block requests to the vulnerable plugin endpoint
Add WAF rule to block requests containing '/wp-content/plugins/wp-query-console/'
🧯 If You Can't Patch
- Immediately deactivate the WP Query Console plugin via WordPress admin or command line
- Implement network-level blocking of requests to the plugin's endpoint using WAF or firewall rules
🔍 How to Verify
Check if Vulnerable:
Check whether the wp-query-console plugin exists in the /wp-content/plugins/ directory or on the WordPress admin plugins page
Check Version:
wp plugin list | grep wp-query-console
Verify Fix Applied:
Confirm that the wp-query-console directory is removed from /wp-content/plugins/ and that the plugin no longer appears in the WordPress admin plugins page
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /wp-content/plugins/wp-query-console/
- POST requests with PHP code in parameters
- Unusual process execution from web server user
Network Indicators:
- Outbound connections from web server to suspicious IPs
- Unusual traffic patterns from WordPress site
SIEM Query:
source="web_logs" AND (uri_path="/wp-content/plugins/wp-query-console/" OR user_agent CONTAINS "wp-query-console")
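As an added example that is not part of the original advisory, the following Python script applies the log indicators above (requests to the plugin path, the plugin name in the user agent, and PHP tags in URL-decoded request parameters) to constructed sample access-log lines in the Apache/Nginx combined log format. The IPs, timestamps, user agents and the plugin sub-path in the sample lines are invented for illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Apache/Nginx combined log format (client, identity, user, time, request, status, bytes, referer, UA).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
PLUGIN_PATH = "/wp-content/plugins/wp-query-console/"
PHP_TAG_RE = re.compile(r"<\?php|<\?=", re.IGNORECASE)  # PHP open tags after URL-decoding

# Constructed sample log lines (assumed values, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Nov/2024:10:00:01 +0000] "GET /wp-content/uploads/2024/11/logo.png HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Nov/2024:10:00:02 +0000] "GET /wp-content/plugins/wp-query-console/ HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Nov/2024:10:00:03 +0000] "POST /wp-content/plugins/wp-query-console/?q=%3C%3Fphp+echo+1%3B HTTP/1.1" 200 77 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Nov/2024:10:00:04 +0000] "GET /?p=1 HTTP/1.1" 200 4096 "-" "wp-query-console-scanner"',
]


def classify(line):
    """Return the names of the indicators from the advisory that match one log line."""
    m = LOG_RE.match(line)
    if not m:
        return []  # not a combined-format line; ignore rather than guess
    hits = []
    parts = urlsplit(m.group("uri"))
    if parts.path.startswith(PLUGIN_PATH):
        hits.append("plugin_path")
    if "wp-query-console" in m.group("ua").lower():
        hits.append("plugin_ua")
    # Decode percent-encoding and '+' so an encoded "<?php" in the query string is still seen.
    if m.group("method") == "POST" and PHP_TAG_RE.search(unquote_plus(parts.query)):
        hits.append("php_in_params")
    return hits


def scan(lines):
    """Return (ip, method, uri, hits) for every line that matched at least one indicator."""
    findings = []
    for line in lines:
        hits = classify(line)
        if hits:
            m = LOG_RE.match(line)
            findings.append((m.group("ip"), m.group("method"), m.group("uri"), hits))
    return findings


if __name__ == "__main__":
    for ip, method, uri, hits in scan(SAMPLE_LOG):
        print(f"{ip} {method} {uri} -> {', '.join(hits)}")
```

Web server access logs record the query string but not the POST body, so the PHP-tag check only covers parameters carried in the URI; inspecting request bodies requires a WAF or request-body logging in front of the site.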