CVE-2024-5987

5.4 MEDIUM

📋 TL;DR

The WP Accessibility Helper WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to modify contrast settings without proper permissions. This affects all versions up to and including 0.6.2.8. The vulnerability stems from missing capability checks in two specific functions.

💻 Affected Systems

Products:
  • WP Accessibility Helper WordPress Plugin
Versions: All versions up to and including 0.6.2.8
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a WordPress installation with the vulnerable plugin enabled. Note that version 0.6.2.8 was supposed to patch this but, according to the vendor, broke functionality.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could disable accessibility features for all users, potentially violating accessibility compliance requirements and degrading the user experience for disabled visitors.

🟠 Likely Case

Malicious users could tamper with contrast settings, causing visual accessibility issues for site visitors or testing various configuration changes.

🟢 If Mitigated

With proper user role management and monitoring, impact would be limited to minor configuration changes that could be quickly reverted.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access (Subscriber role or higher). The vulnerability is in specific API endpoints that lack proper authorization checks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.6.2.8 (though reportedly broken)

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3117664%40wp-accessibility-helper&new=3117664%40wp-accessibility-helper&sfp_email=&sfph_mail=

Restart Required: No

Instructions:

1. Update the WP Accessibility Helper plugin to the latest version.
2. Verify functionality after the update.
3. Consider alternative accessibility plugins if the update breaks functionality.

🔧 Temporary Workarounds

Disable Vulnerable Plugin (all platforms)

Temporarily disable the WP Accessibility Helper plugin until a stable patch is available:

wp plugin deactivate wp-accessibility-helper

Restrict User Roles (all platforms)

Limit Subscriber and other low-privilege user accounts to reduce the attack surface.

🧯 If You Can't Patch

  • Remove or disable the WP Accessibility Helper plugin entirely
  • Implement web application firewall rules to block requests to the vulnerable endpoints

🔍 How to Verify

Check if Vulnerable:

Check the WordPress admin panel for the WP Accessibility Helper plugin version. If the version is 0.6.2.8 or lower, the system is vulnerable.

Check Version:

wp plugin get wp-accessibility-helper --field=version

Verify Fix Applied:

Update plugin and verify version is above 0.6.2.8. Test contrast settings functionality to ensure patch doesn't break features.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to wp-admin/admin-ajax.php with action parameters containing 'save_contrast_variations' or 'save_empty_contrast_variations' from low-privilege users

Network Indicators:

  • HTTP POST requests to WordPress admin-ajax endpoints with contrast-related parameters

SIEM Query:

source="wordpress_logs" AND (action="save_contrast_variations" OR action="save_empty_contrast_variations") AND user_role IN ("subscriber", "contributor", "author")
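The SIEM query above expresses the detection idea; the following is an added worked example, not code from the page or from the plugin, that applies the same logic offline to a handful of constructed log lines. It assumes a log format in which an audit-logging plugin or WAF has already recorded the WordPress username, role and POST body per request (WordPress core does not log request bodies by default, so the `role` and `body` fields are an assumption about your logging pipeline). The two action names and the low-privilege role list come from the page.

```python
import re
from dataclasses import dataclass
from urllib.parse import parse_qs

# Constructed sample log lines (not from any real site). Assumed format:
# "<ip> <wp_user> <role> \"<METHOD> <path>\" <status> body=<urlencoded body>"
SAMPLE_LOG = """\
203.0.113.10 alice subscriber "POST /wp-admin/admin-ajax.php" 200 body=action=save_contrast_variations&contrast=1
203.0.113.11 bob administrator "POST /wp-admin/admin-ajax.php" 200 body=action=save_contrast_variations&contrast=2
203.0.113.12 carol author "POST /wp-admin/admin-ajax.php" 200 body=action=save_empty_contrast_variations
203.0.113.13 dave subscriber "POST /wp-admin/admin-ajax.php" 200 body=action=heartbeat
203.0.113.14 erin contributor "GET /wp-login.php" 200 body=
"""

# Actions named in the page's log indicators and SIEM query.
WATCHED_ACTIONS = {"save_contrast_variations", "save_empty_contrast_variations"}
# Roles the page's SIEM query treats as low privilege.
LOW_PRIV_ROLES = {"subscriber", "contributor", "author"}

LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<user>\S+) (?P<role>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" '
    r'(?P<status>\d{3}) body=(?P<body>.*)$'
)


@dataclass(frozen=True)
class Finding:
    ip: str
    user: str
    role: str
    action: str


def parse_line(line):
    """Parse one line of the assumed format; return a dict of fields or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def detect(log_text):
    """Return a Finding for every POST to admin-ajax.php whose body carries a watched
    action and whose authenticated role is in the low-privilege set."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        if not rec["path"].endswith("/admin-ajax.php"):
            continue
        # admin-ajax bodies are urlencoded; the handler is selected by the 'action' field.
        params = parse_qs(rec["body"])
        action = params.get("action", [None])[0]
        if action in WATCHED_ACTIONS and rec["role"].lower() in LOW_PRIV_ROLES:
            findings.append(Finding(rec["ip"], rec["user"], rec["role"], action))
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f"{f.ip} {f.user} ({f.role}) -> {f.action}")
```

Against the constructed sample, only the subscriber and author requests are flagged; the administrator's identical request is expected behaviour and is not reported. Keep the rule in place after patching: once the capability checks are present the plugin should reject these requests from low-privilege users, but an account still sending them is worth a look.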

🔗 References
