CVE-2024-54285
📋 TL;DR
This vulnerability allows attackers to upload malicious files, including web shells, to WordPress sites using the SeedProd Pro plugin. This can lead to complete server compromise and remote code execution. All WordPress sites running vulnerable versions of SeedProd Pro are affected.
💻 Affected Systems
- SeedProd Pro WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server takeover, data exfiltration, ransomware deployment, and persistent backdoor access to the entire WordPress environment.
Likely Case
Website defacement, malware distribution, credential theft, and unauthorized administrative access to the WordPress site.
If Mitigated
Limited impact if file uploads are restricted at the web server level or if the plugin is disabled.
🎯 Exploit Status
Exploitation requires authenticated access, but once achieved, uploading web shells is straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.18.11 or later
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find SeedProd Pro and click 'Update Now'. 4. Verify version is 6.18.11 or higher.
🔧 Temporary Workarounds
Disable SeedProd Pro Plugin
allTemporarily disable the vulnerable plugin until patching is possible.
wp plugin deactivate seedprod-coming-soon-pro-5
Restrict File Uploads via .htaccess
linuxBlock PHP file uploads in WordPress upload directories.
<FilesMatch "\.(php|php5|php7|phtml|phar)$">
Order Allow,Deny
Deny from all
</FilesMatch>
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block file uploads to SeedProd endpoints.
- Disable file upload functionality entirely in WordPress settings or via security plugins.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin > Plugins > Installed Plugins for SeedProd Pro version 6.18.10 or lower.Check Version:
wp plugin get seedprod-coming-soon-pro-5 --field=versionVerify Fix Applied:
Confirm SeedProd Pro version is 6.18.11 or higher in WordPress plugin list.📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to /wp-content/uploads/seedprod/
- POST requests to SeedProd-specific endpoints with file parameters
Network Indicators:
- HTTP POST requests containing .php files to SeedProd upload handlers
SIEM Query:
source="web_logs" AND (uri_path="/wp-admin/admin-ajax.php" OR uri_path CONTAINS "seedprod") AND method="POST" AND (file_extension="php" OR file_extension="phtml")