CVE-2024-5942
📋 TL;DR
The Page and Post Clone WordPress plugin, in all versions up to and including 6.0, has an Insecure Direct Object Reference (IDOR) vulnerability that lets authenticated attackers with Author-level permissions or higher clone, and thereby read, private posts belonging to other users. The 'content_clone' function acts on a post identifier supplied by the caller without checking that the caller is allowed to access that post. Only WordPress sites with this specific plugin installed and active are affected.
💻 Affected Systems
- WordPress Page and Post Clone plugin
📦 What is this software?
Page And Post Clone by Carlosfazenda, a WordPress plugin (slug page-or-post-clone) that adds a one-click action for duplicating pages and posts from the admin screens.
⚠️ Risk & Real-World Impact
Worst Case
Author-level users could systematically clone and exfiltrate all private posts, potentially exposing sensitive information, draft content, or unpublished materials intended for limited audiences.
Likely Case
Malicious or compromised Author accounts could access and copy private posts they shouldn't have permission to view, leading to information disclosure of unpublished content.
If Mitigated
With the plugin updated (or deactivated) and Author-level accounts limited to trusted users, the remaining exposure is the normal one: content an Author is already entitled to see. Monitoring clone activity narrows the window in which a compromised Author account could copy private posts before being noticed.
🎯 Exploit Status
Exploitation requires a valid account with Author privileges or higher; no authentication bypass is involved. The flaw is a missing authorization check on the post ID passed to the clone handler ('content_clone'), so an attacker who can reach that handler simply names a private post they could not otherwise read and receives a copy of it as their own draft.
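To make the "missing authorization on a caller-supplied post ID" concrete, here is an added example of the IDOR pattern beside a hardened handler. This is my illustrative code, not the plugin's source and not the vendor's fix (that is in the changeset linked under Fix & Mitigation); the hook names, function names and the `post` request parameter are assumptions. The key security point is in the hardened version: WordPress's `current_user_can( 'edit_post', $id )` is a per-object check, so an Author passes for their own posts and fails for other users' private posts, which is exactly what an IDOR fix needs, whereas being logged in to wp-admin proves nothing about the post being named.

```php
<?php
// Added example, not the plugin's code. Illustrates the IDOR behind CVE-2024-5942:
// an admin-action handler that clones whatever post ID the caller names, relying only
// on the caller being logged in, beside a hardened version.
// Hook names, function names and the $_GET['post'] parameter are assumptions.

// --- Vulnerable pattern ---
function example_clone_vulnerable() {
    // The post ID comes straight from the request. Any user who can reach wp-admin
    // (Author and above) can name a post they are not permitted to read.
    $post_id = isset( $_GET['post'] ) ? (int) $_GET['post'] : 0;
    $post    = get_post( $post_id );
    if ( ! $post ) {
        wp_die( 'No post to clone.' );
    }
    // get_post() returns private posts and drafts regardless of who is asking, so
    // copying $post->post_content into a draft owned by the caller leaks it to them.
    $new_id = wp_insert_post( array(
        'post_title'   => $post->post_title,
        'post_content' => $post->post_content,
        'post_type'    => $post->post_type,
        'post_status'  => 'draft',
        'post_author'  => get_current_user_id(),
    ) );
    wp_safe_redirect( admin_url( 'post.php?action=edit&post=' . $new_id ) );
    exit;
}
add_action( 'admin_action_example_clone_vulnerable', 'example_clone_vulnerable' );

// --- Hardened pattern ---
function example_clone_hardened() {
    $post_id = isset( $_GET['post'] ) ? absint( $_GET['post'] ) : 0;

    // 1. CSRF: the clone link must carry a nonce bound to this specific post ID.
    check_admin_referer( 'example_clone_' . $post_id );

    $post = get_post( $post_id );
    if ( ! $post ) {
        wp_die( 'No post to clone.' );
    }

    // 2. Authorization on the object, not merely on being logged in. edit_post is
    //    evaluated per post: Authors lack edit_others_posts and read_private_posts,
    //    so this fails for another user's private post and closes the IDOR.
    if ( ! current_user_can( 'edit_post', $post->ID ) ) {
        wp_die( 'You are not allowed to clone this post.', '', array( 'response' => 403 ) );
    }

    // 3. The caller must also be allowed to create the resulting post type.
    $pto = get_post_type_object( $post->post_type );
    if ( ! $pto || ! current_user_can( $pto->cap->create_posts ) ) {
        wp_die( 'You are not allowed to create this post type.', '', array( 'response' => 403 ) );
    }

    $new_id = wp_insert_post( array(
        'post_title'   => $post->post_title,
        'post_content' => $post->post_content,
        'post_type'    => $post->post_type,
        'post_status'  => 'draft',
        'post_author'  => get_current_user_id(),
    ), true );
    if ( is_wp_error( $new_id ) ) {
        wp_die( esc_html( $new_id->get_error_message() ) );
    }
    wp_safe_redirect( admin_url( 'post.php?action=edit&post=' . $new_id ) );
    exit;
}
add_action( 'admin_action_example_clone_hardened', 'example_clone_hardened' );

// Row-action link for the hardened handler; only shown where the check would pass,
// and carrying the nonce the handler verifies.
add_filter( 'post_row_actions', function ( $actions, $post ) {
    if ( current_user_can( 'edit_post', $post->ID ) ) {
        $url = wp_nonce_url(
            admin_url( 'admin.php?action=example_clone_hardened&post=' . $post->ID ),
            'example_clone_' . $post->ID
        );
        $actions['example_clone'] = '<a href="' . esc_url( $url ) . '">Clone</a>';
    }
    return $actions;
}, 10, 2 );
```

Hiding the link in the row actions is cosmetic; the check inside the handler is what matters, because the handler can be reached by typing the URL. If a plugin only needs to let users duplicate content they may already view, `read_post` is the weaker but still per-object alternative; for cloning, which creates a new post, `edit_post` plus the type's `create_posts` capability is the natural bar.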
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: any release newer than 6.0 (the fix landed in the plugin changeset linked below)
Vendor Fix (changeset): https://plugins.trac.wordpress.org/changeset/3108149/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'Page and Post Clone' plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download the latest version from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the Page and Post Clone plugin until it is patched; deactivation unhooks the clone handler, so the vulnerable code path is no longer reachable.
wp plugin deactivate page-or-post-clone
Restrict Author permissions
Audit accounts with Author-level access or higher: remove unused accounts, demote users who do not need to publish, and require strong passwords (and MFA where available), since exploitation needs a valid session at that level.
🧯 If You Can't Patch
- Limit Author-level and higher accounts to trusted users and alert on clone activity (see Detection & Monitoring below)
- Remove the plugin entirely and use an alternative method for duplicating content
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins → Page and Post Clone version. If the installed version is 6.0 or lower and the plugin is active, you are vulnerable. An installed but deactivated plugin is not exploitable, but should still be updated or removed before it is ever reactivated.
Check Version:
wp plugin get page-or-post-clone --field=version
Verify Fix Applied:
After updating, verify that the plugin version shown on the WordPress admin plugins page (or by the WP-CLI command above) is higher than 6.0.
📡 Detection & Monitoring
Log Indicators:
- Unusual cloning activity by Author-level users, especially of posts they did not author
- Many requests carrying action=content_clone from one account or client in a short window, particularly with sequential post IDs
- New drafts appearing under an Author account whose titles and bodies match private posts owned by other users
Network Indicators:
- HTTP requests to wp-admin carrying the action=content_clone parameter. The clone handler is registered as a WordPress admin action; depending on how the plugin hooks it, the request hits wp-admin/admin.php (admin_action_ hooks) or wp-admin/admin-ajax.php (wp_ajax_ hooks), and may be a GET from a row-action link rather than a POST. Confirm the exact endpoint against the plugin source linked in References; the action parameter is the reliable discriminator.
SIEM Query:
source="wordpress" AND uri_path IN ("/wp-admin/admin.php", "/wp-admin/admin-ajax.php") AND parameters.action="content_clone" | stats dc(parameters.post) AS distinct_posts BY src_ip, user | where distinct_posts > 3
(Field names are illustrative and depend on how your web-server or WordPress logs are parsed; the threshold should be tuned to normal editorial cloning volume.)
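The same burst detection, run over web-server access-log lines rather than in a SIEM, as an added example that is not part of the advisory or the plugin. The log lines are constructed for the example, and the post-ID parameter name (`post`), the threshold and the window are assumptions to adjust to your environment. It deliberately counts requests regardless of HTTP status: before patching a burst of 302s is the exfiltration itself; after patching a burst of 403s is someone still probing with a valid account.

```php
<?php
// Added example, not from the advisory or the plugin. Scans Apache/Nginx "combined"
// format access-log lines for requests carrying action=content_clone and flags clients
// that clone many distinct post IDs within a short window. Sample lines are constructed;
// the threshold, window and the 'post' parameter name are assumptions.

const CLONE_BURST_THRESHOLD = 3;   // distinct post IDs from one client ...
const CLONE_BURST_WINDOW    = 300; // ... within this many seconds

/** Parse one combined-format line; return null if it does not match. */
function parse_combined_line(string $line): ?array {
    $re = '/^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    $ts = DateTime::createFromFormat('d/M/Y:H:i:s O', $m[3]);
    return [
        'ip'     => $m[1],
        'user'   => $m[2],   // HTTP-auth user only; the WordPress login is not in this log
        'ts'     => $ts ? $ts->getTimestamp() : 0,
        'method' => $m[4],
        'uri'    => $m[5],
        'status' => (int) $m[6],
        'ua'     => $m[7],
    ];
}

/** Return the targeted post ID if this is a clone request, otherwise null. */
function clone_post_id(array $req): ?int {
    $query = parse_url($req['uri'], PHP_URL_QUERY);
    if ($query === null || $query === false) {
        return null;
    }
    parse_str($query, $params);
    if (($params['action'] ?? '') !== 'content_clone') {
        return null;
    }
    // 'post' is an assumed parameter name; match it to what the plugin actually reads.
    return isset($params['post']) ? (int) $params['post'] : null;
}

/**
 * Group clone requests by client IP and flag bursts of >= CLONE_BURST_THRESHOLD
 * distinct post IDs inside CLONE_BURST_WINDOW seconds. Returns [ip => [post IDs]].
 */
function find_clone_bursts(array $lines): array {
    $byIp = [];
    foreach ($lines as $line) {
        $req = parse_combined_line($line);
        if ($req === null) {
            continue;
        }
        $pid = clone_post_id($req);
        if ($pid === null) {
            continue;
        }
        // Status is intentionally not filtered: 302 bursts are cloning, 403 bursts are probing.
        $byIp[$req['ip']][] = ['ts' => $req['ts'], 'post' => $pid];
    }

    $flagged = [];
    foreach ($byIp as $ip => $events) {
        usort($events, fn($a, $b) => $a['ts'] <=> $b['ts']);
        $n = count($events);
        for ($i = 0; $i < $n; $i++) {
            $ids = [];
            for ($j = $i; $j < $n && $events[$j]['ts'] - $events[$i]['ts'] <= CLONE_BURST_WINDOW; $j++) {
                $ids[$events[$j]['post']] = true;
            }
            if (count($ids) >= CLONE_BURST_THRESHOLD) {
                $flagged[$ip] = array_keys($ids);
                break;
            }
        }
    }
    return $flagged;
}

// Constructed sample: one editor cloning a single post, one client walking post IDs.
$sample = [
    '203.0.113.7 - - [10/Jun/2024:09:00:01 +0000] "GET /wp-admin/admin.php?action=content_clone&post=42 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jun/2024:09:01:10 +0000] "GET /wp-admin/admin.php?action=content_clone&post=101 HTTP/1.1" 302 0 "-" "curl/8.4.0"',
    '198.51.100.9 - - [10/Jun/2024:09:01:12 +0000] "GET /wp-admin/admin.php?action=content_clone&post=102 HTTP/1.1" 302 0 "-" "curl/8.4.0"',
    '198.51.100.9 - - [10/Jun/2024:09:01:13 +0000] "GET /wp-admin/admin.php?action=content_clone&post=103 HTTP/1.1" 302 0 "-" "curl/8.4.0"',
    '198.51.100.9 - - [10/Jun/2024:09:01:15 +0000] "GET /wp-admin/admin.php?action=content_clone&post=104 HTTP/1.1" 302 0 "-" "curl/8.4.0"',
    '198.51.100.9 - - [10/Jun/2024:09:02:00 +0000] "GET /wp-admin/edit.php HTTP/1.1" 200 5120 "-" "curl/8.4.0"',
];

foreach (find_clone_bursts($sample) as $ip => $posts) {
    printf("ALERT %s cloned %d distinct posts within %ds: %s\n",
        $ip, count($posts), CLONE_BURST_WINDOW, implode(',', $posts));
}
```

Run it with `php detect_clone_bursts.php` against real lines by replacing `$sample` with `file('/var/log/apache2/access.log', FILE_IGNORE_NEW_LINES)`. Keying on IP is a compromise: the access log does not carry the WordPress username, so to attribute a burst to an account, join on the session cookie or on WordPress-side audit logging if you have it.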
🔗 References
- https://plugins.trac.wordpress.org/browser/page-or-post-clone/trunk/page-or-post-clone.php#L19
- https://plugins.trac.wordpress.org/changeset/3108149/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/0931f279-2dac-4663-9344-df27b43a7e64?source=cve