CVE-2024-5871
📋 TL;DR
The WooCommerce Social Login plugin for WordPress is vulnerable to PHP object injection via deserialization of untrusted input in the 'woo_slg_verify' parameter. This allows unauthenticated attackers to inject PHP objects, potentially leading to arbitrary file deletion, data theft, or remote code execution if a POP chain exists via other installed plugins/themes. All WordPress sites using this plugin up to version 2.6.2 are affected.
💻 Affected Systems
- WooCommerce - Social Login WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data exfiltration, and website defacement if a suitable POP chain exists via other installed plugins or themes.
Likely Case
Denial of service through arbitrary file deletion or limited data exposure if no suitable POP chain exists in the target environment.
If Mitigated
No impact if the vulnerability is patched or the plugin is disabled/removed.
🎯 Exploit Status
While no public POP chain exists in the vulnerable plugin itself, attackers can chain with other vulnerable plugins/themes. The vulnerability is trivial to trigger via HTTP requests to the vulnerable parameter.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.6.3 or later
Vendor Advisory: https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'WooCommerce Social Login' and check if update is available. 4. Click 'Update Now' to update to version 2.6.3 or later. 5. Verify the update completed successfully.
🔧 Temporary Workarounds
Disable the vulnerable plugin
allTemporarily disable the WooCommerce Social Login plugin until patched
wp plugin deactivate woo-social-login
Web Application Firewall rule
allBlock requests containing the vulnerable parameter
Add WAF rule to block requests containing 'woo_slg_verify' parameter
🧯 If You Can't Patch
- Remove the WooCommerce Social Login plugin entirely from the WordPress installation
- Implement strict network controls to limit access to the WordPress site while remediation is planned
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for 'WooCommerce Social Login' version 2.6.2 or earlierCheck Version:
wp plugin get woo-social-login --field=versionVerify Fix Applied:
Verify plugin version is 2.6.3 or later in WordPress admin panel📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing 'woo_slg_verify' parameter with serialized data
- Unusual PHP errors related to unserialize() or object instantiation
Network Indicators:
- POST/GET requests to WordPress endpoints with 'woo_slg_verify' parameter containing serialized data patterns
SIEM Query:
source="web_logs" AND (uri_query="*woo_slg_verify*" OR post_data="*woo_slg_verify*")🔗 References
- https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ffd592e6-2ac4-4af4-bfc0-d4f834157d71?source=cve
- https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ffd592e6-2ac4-4af4-bfc0-d4f834157d71?source=cve
