CVE-2024-52381
📋 TL;DR
This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It affects WordPress sites running the ZIJ KART plugin, potentially leading to sensitive information disclosure or code execution. All users of ZIJ KART plugin versions up to 1.1 are affected.
💻 Affected Systems
- ZIJ KART WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through local file inclusion leading to remote code execution, sensitive file disclosure (like /etc/passwd, database credentials), and complete site takeover.
Likely Case
Sensitive information disclosure including configuration files, database credentials, and potentially limited code execution depending on server configuration.
If Mitigated
Limited impact with proper file permissions, disabled dangerous PHP functions, and restricted server configurations.
🎯 Exploit Status
Exploitation is straightforward with publicly available proof-of-concept. No authentication required to trigger the vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2 or later
Vendor Advisory: https://patchstack.com/database/vulnerability/zij-kart/wordpress-zij-kart-plugin-1-1-local-file-inclusion-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find ZIJ KART plugin. 4. Click 'Update Now' if update available. 5. If no update available, deactivate and delete plugin, then install fresh version 1.2+ from WordPress repository.
🔧 Temporary Workarounds
Disable ZIJ KART Plugin
allTemporarily disable the vulnerable plugin until patched version is available
wp plugin deactivate zij-kart
Restrict PHP File Functions
linuxDisable dangerous PHP functions via php.ini configuration
disable_functions = include,require,include_once,require_once
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block file inclusion patterns
- Restrict file permissions and implement strict directory traversal protections
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → ZIJ KART version. If version is 1.1 or earlier, you are vulnerable.Check Version:
wp plugin get zij-kart --field=versionVerify Fix Applied:
Verify plugin version is 1.2 or later in WordPress admin panel and test file inclusion attempts return errors instead of file contents.📡 Detection & Monitoring
Log Indicators:
- Unusual file paths in PHP error logs
- Multiple include/require failures with directory traversal patterns
- Requests to plugin files with file parameter containing ../ patterns
Network Indicators:
- HTTP requests containing file inclusion patterns like ?file=../../../etc/passwd
- Unusual traffic to ZIJ KART plugin endpoints
SIEM Query:
source="*access.log*" AND (uri="*zij-kart*" AND (query="*file=*" OR query="*include=*" OR query="*require=*"))