CVE-2024-5431
📋 TL;DR
This vulnerability allows authenticated attackers with Contributor-level access or higher to perform Local File Inclusion via the reservation_extra_field shortcode parameter in the WPCafe plugin. This can lead to remote file inclusion and potentially code execution on affected WordPress sites. All WordPress sites using vulnerable versions of the WPCafe plugin are affected.
💻 Affected Systems
- WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce
📦 What is this software?
Wpcafe by Themewinter
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through remote code execution, data theft, and complete site takeover.
Likely Case
Unauthorized file access, sensitive information disclosure, and potential backdoor installation.
If Mitigated
Limited to authenticated users only, reducing exposure but still significant risk from compromised accounts.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once credentials are obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.2.26 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3158036%40wp-cafe%2Ftrunk&old=3158035%40wp-cafe%2Ftrunk
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins > Installed Plugins
3. Find WPCafe plugin
4. Click 'Update Now' if available
5. Or download version 2.2.26+ from WordPress repository
6. Deactivate old version, upload new version, activate
🔧 Temporary Workarounds
Disable WPCafe Plugin
Temporarily disable the vulnerable plugin until patched
wp plugin deactivate wp-cafe
Restrict User Roles
Remove Contributor and higher roles from untrusted users
🧯 If You Can't Patch
- Implement web application firewall with LFI protection rules
- Restrict file system permissions and implement strict access controls
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > WPCafe version. If version is 2.2.25 or lower, you are vulnerable.
Check Version:
wp plugin get wp-cafe --field=version
Verify Fix Applied:
Verify WPCafe plugin version is 2.2.26 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual file inclusion attempts in web server logs
- Multiple requests to reservation forms with suspicious parameters
- Unexpected file access patterns
Network Indicators:
- HTTP requests containing reservation_extra_field parameter with file paths
- Unusual outbound connections from web server
SIEM Query:
source="web_logs" AND (reservation_extra_field CONTAINS "../" OR reservation_extra_field CONTAINS "/etc/" OR reservation_extra_field CONTAINS "php://")
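As an added example (not code from the advisory or the WPCafe project), the following Python applies the SIEM indicators above to web server access logs: it extracts the reservation_extra_field query parameter, percent-decodes it (including double-encoded values, which the literal SIEM query would miss) and flags the advisory's traversal, /etc/ and php:// patterns. The log lines are constructed, and like the SIEM query it assumes the value shows up in the request query string.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jun/2024:12:00:01 +0000] "GET /?reservation_extra_field=delivery HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Jun/2024:12:00:02 +0000] "GET /?reservation_extra_field=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1024 "-" "curl/8.0"
203.0.113.12 - - [10/Jun/2024:12:00:03 +0000] "GET /?reservation_extra_field=php%3A%2F%2Finput HTTP/1.1" 200 2048 "-" "python-requests/2.31"
203.0.113.13 - - [10/Jun/2024:12:00:04 +0000] "GET /?reservation_extra_field=..%252F..%252Fetc%252Fpasswd HTTP/1.1" 200 1024 "-" "curl/8.0"
203.0.113.14 - - [10/Jun/2024:12:00:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 64 "-" "Mozilla/5.0"
"""
# Combined log format: client ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
PARAM = "reservation_extra_field"
INDICATORS = ("../", "/etc/", "php://")  # the advisory's indicators: traversal, /etc/ paths, PHP wrappers

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded traversal is not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_values(target):
    """Return (decoded_value, matched_indicators) for each watched parameter value that hits."""
    hits = []
    for raw in parse_qs(urlsplit(target).query, keep_blank_values=True).get(PARAM, []):
        decoded = decode_fully(raw).lower()
        matched = [ind for ind in INDICATORS if ind in decoded]
        if matched:
            hits.append((decoded, matched))
    return hits

def scan_log(text):
    """Scan combined-format log text and return one alert dict per suspicious request."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than crash on them
        for value, matched in suspicious_values(m["target"]):
            alerts.append({"ip": m["ip"], "ts": m["ts"], "value": value, "indicators": matched})
    return alerts
```

Running scan_log over the constructed sample yields three alerts (the traversal, wrapper and double-encoded requests) and none for the benign or POST lines.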
🔗 References
- https://plugins.trac.wordpress.org/browser/wp-cafe/tags/2.2.25/core/shortcodes/views/reservation/reservation-form-template.php#L178
- https://www.wordfence.com/threat-intel/vulnerabilities/id/5c5e7ed1-7eb8-4ce7-9dd6-0f7937b6f671?source=cve