CVE-2024-52374
📋 TL;DR
This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the DoThatTask plugin. Attackers can achieve remote code execution and full server compromise. All WordPress sites using affected versions of DoThatTask plugin are vulnerable.
💻 Affected Systems
- DoThatTask WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server takeover with persistent backdoor installation, data theft, and use as attack platform
Likely Case
Web shell upload leading to data exfiltration, defacement, or cryptomining
If Mitigated
File upload blocked or sanitized, preventing malicious file execution
🎯 Exploit Status
Exploitation requires authenticated access but is trivial once authenticated
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.5.6 or later
Vendor Advisory: https://patchstack.com/database/vulnerability/do-that-task/wordpress-do-that-task-plugin-1-5-5-arbitrary-file-upload-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find DoThatTask plugin
4. Click 'Update Now' if update available
5. If no update available, deactivate and remove plugin immediately
🔧 Temporary Workarounds
Disable DoThatTask plugin
allTemporarily deactivate the vulnerable plugin until patched
wp plugin deactivate do-that-task
Restrict file uploads via .htaccess
linuxBlock PHP file execution in upload directories
<FilesMatch "\.(php|php5|phtml|phar)$">
Order Deny,Allow
Deny from all
</FilesMatch>
🧯 If You Can't Patch
- Remove DoThatTask plugin completely from all WordPress installations
- Implement web application firewall rules to block file uploads to DoThatTask endpoints
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → DoThatTask version. If version ≤1.5.5, vulnerable.Check Version:
wp plugin get do-that-task --field=versionVerify Fix Applied:
Confirm DoThatTask plugin version is 1.5.6 or higher, or plugin is removed📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-content/plugins/do-that-task/ upload endpoints
- File uploads with .php, .phtml, .phar extensions
- Unusual file creation in upload directories
Network Indicators:
- HTTP POST to DoThatTask file upload endpoints
- Traffic to unexpected PHP files in upload directories
SIEM Query:
source="web_logs" AND (uri_path="/wp-content/plugins/do-that-task/" AND method="POST") OR (file_extension IN ("php", "phtml", "phar") AND upload_action="true")