CVE-2024-52429

9.9 CRITICAL

📋 TL;DR

This vulnerability in the WP Quick Setup WordPress plugin allows attackers to upload arbitrary files, including web shells, to the server. It affects all versions up to 2.0, enabling remote code execution on vulnerable WordPress sites.

💻 Affected Systems

Products:
  • WP Quick Setup WordPress Plugin
Versions: n/a through 2.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with vulnerable plugin version. No special configuration needed.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise leading to data theft, defacement, malware distribution, or use as part of a botnet.

🟠

Likely Case

Web shell installation allowing persistent backdoor access, file manipulation, and further exploitation of the WordPress environment.

🟢

If Mitigated

Limited impact if file uploads are restricted at web server level or security plugins block malicious uploads.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward: attackers can upload malicious files directly through the plugin's own functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.1

Vendor Advisory: https://patchstack.com/database/vulnerability/wp-quick-setup/wordpress-wp-quick-setup-plugin-2-0-arbitrary-plugin-and-theme-installation-to-remote-code-execution-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find WP Quick Setup and update to version 2.0.1 or later.
4. If no update is available, deactivate and delete the plugin immediately.

🔧 Temporary Workarounds

Disable Plugin

Platform: all

Deactivate and remove the vulnerable plugin

wp plugin deactivate wp-quick-setup
wp plugin delete wp-quick-setup

Restrict File Uploads

Platform: linux

Configure the web server so that PHP files in the uploads directory are never served or executed; an uploaded web shell then cannot run even if the upload itself succeeds.

# Add to .htaccess in the uploads directory (Apache 2.4 syntax, with the 2.2 directives as a fallback):
<Files "*.php">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Deny,Allow
        Deny from all
    </IfModule>
</Files>

🧯 If You Can't Patch

  • Immediately deactivate and remove the WP Quick Setup plugin from all WordPress installations.
  • Implement web application firewall rules to block file upload attempts to the plugin's endpoints.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for WP Quick Setup version 2.0 or earlier.

Check Version:

wp plugin get wp-quick-setup --field=version

Verify Fix Applied:

Verify plugin version is 2.0.1 or later, or confirm plugin is not installed.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /wp-content/plugins/wp-quick-setup/ directories
  • POST requests to plugin-specific endpoints with file upload parameters

Network Indicators:

  • HTTP POST requests containing file uploads to wp-quick-setup plugin paths

SIEM Query:

source="web_server" AND (uri_path="/wp-content/plugins/wp-quick-setup/*" AND method="POST" AND (request_body CONTAINS "Content-Disposition: form-data" OR request_body CONTAINS "multipart/form-data"))
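The log indicators and SIEM query above, turned into runnable detection logic as an added example (not from the advisory or the plugin project). It assumes an Apache-style access log whose LogFormat appends the request Content-Type header (%{Content-Type}i), because a standard combined log does not record the request body the SIEM query matches on; the log lines and the plugin endpoint path are constructed, and it also flags the related case of a PHP file being served from the uploads tree.

```python
import re
from dataclasses import dataclass

# Constructed sample log (not real traffic). Format: combined log plus a
# trailing quoted %{Content-Type}i field. The wp-quick-setup endpoint path is
# hypothetical; the advisory does not name the plugin's upload endpoints.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2025:10:01:02 +0000] "POST /wp-content/plugins/wp-quick-setup/index.php HTTP/1.1" 200 512 "-" "curl/8.4.0" "multipart/form-data; boundary=----abc"
198.51.100.3 - - [10/Jan/2025:10:01:05 +0000] "GET /wp-content/plugins/wp-quick-setup/assets/style.css HTTP/1.1" 200 2048 "-" "Mozilla/5.0" "-"
203.0.113.7 - - [10/Jan/2025:10:01:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0" "application/x-www-form-urlencoded"
203.0.113.7 - - [10/Jan/2025:10:01:12 +0000] "GET /wp-content/uploads/2025/01/shell.php?x=1 HTTP/1.1" 200 87 "-" "curl/8.4.0" "-"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)" "(?P<ctype>[^"]*)"$'
)

PLUGIN_PREFIX = "/wp-content/plugins/wp-quick-setup/"
UPLOADS_PREFIX = "/wp-content/uploads/"


@dataclass
class Alert:
    ip: str
    path: str
    reason: str


def detect(log_text: str) -> list[Alert]:
    """Return one Alert per log line matching the CVE-2024-52429 indicators."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than abort the whole run
        path = m["path"].split("?", 1)[0]  # drop the query string before matching
        ctype = m["ctype"].lower()
        # Indicator 1: multipart POST into the plugin's own path (upload attempt).
        if m["method"] == "POST" and path.startswith(PLUGIN_PREFIX) and "multipart/form-data" in ctype:
            alerts.append(Alert(m["ip"], path, "multipart POST to wp-quick-setup"))
        # Indicator 2: a PHP file answered with 200 from the uploads tree, which
        # the uploads-directory .htaccess rule is meant to make impossible.
        elif path.startswith(UPLOADS_PREFIX) and path.endswith(".php") and m["status"] == "200":
            alerts.append(Alert(m["ip"], path, "PHP served from uploads directory"))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a.ip} {a.path}: {a.reason}")
```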
