CVE-2024-6022

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in the ContentLock WordPress plugin allows attackers to trick authenticated administrators into unknowingly changing plugin settings. Attackers can craft malicious requests that execute when an admin visits a compromised page, potentially altering content restrictions or security configurations. All WordPress sites running ContentLock plugin versions up to 1.0.3 are affected.

💻 Affected Systems

Products:
  • ContentLock WordPress Plugin
Versions: through 1.0.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with ContentLock plugin enabled and an authenticated admin session.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could disable content protection, modify access controls, or change security settings, potentially exposing sensitive content or compromising site functionality.

🟠

Likely Case

Attackers modify plugin settings to weaken content restrictions, bypass paywalls, or alter access permissions without admin knowledge.

🟢

If Mitigated

With proper CSRF protections and admin awareness, successful exploitation requires specific user interaction and may be detected through monitoring.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires tricking an authenticated admin into clicking a malicious link or visiting a compromised page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.4 or later

Vendor Advisory: https://wpscan.com/vulnerability/871a93b5-ec67-4fe0-bc39-e5485477fbeb/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the ContentLock plugin.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and remove the plugin until the patched version is released.

🔧 Temporary Workarounds

CSRF Protection Implementation
Platform: all
Add custom CSRF tokens to plugin settings forms.
Requires custom PHP development to implement nonce verification.
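As an added example (not ContentLock's own code), this is the nonce-verification pattern the workaround above describes: a settings handler with no CSRF protection, followed by the hardened form and handler built on WordPress's wp_nonce_field() and check_admin_referer(). The hook name, form field names and option key are assumptions, not the plugin's real identifiers.

```php
<?php
// Added example, not code from the ContentLock plugin. A WordPress admin-post
// settings handler shown first without CSRF protection, then hardened.
// 'contentlock_save_settings', 'contentlock_nonce' and the option key are assumed names.

// --- Vulnerable pattern (not hooked; shown for contrast) ------------------
function contentlock_save_settings_vulnerable() {
    // No nonce, no capability check: a cross-site POST forged from a logged-in
    // admin's browser updates the option exactly as a legitimate submit would.
    update_option( 'contentlock_restrictions', $_POST['restrictions'] );
    wp_safe_redirect( admin_url( 'admin.php?page=contentlock' ) );
    exit;
}

// --- Hardened pattern ------------------------------------------------------
function contentlock_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="contentlock_save_settings">
        <?php wp_nonce_field( 'contentlock_save_settings', 'contentlock_nonce' ); ?>
        <input type="text" name="restrictions" value="<?php echo esc_attr( get_option( 'contentlock_restrictions', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

function contentlock_save_settings_hardened() {
    // 1. Authorization: only users allowed to manage options may change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', 403 );
    }
    // 2. CSRF: the nonce is bound to the action, the current user and a time
    //    window, so a third-party page cannot supply a valid value.
    //    check_admin_referer() calls wp_die() when the check fails.
    check_admin_referer( 'contentlock_save_settings', 'contentlock_nonce' );
    // 3. Input handling: unslash and sanitize before storing.
    $restrictions = isset( $_POST['restrictions'] )
        ? sanitize_text_field( wp_unslash( $_POST['restrictions'] ) )
        : '';
    update_option( 'contentlock_restrictions', $restrictions );
    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'admin.php?page=contentlock' ) ) );
    exit;
}
add_action( 'admin_post_contentlock_save_settings', 'contentlock_save_settings_hardened' );
```

Only the hardened handler is registered with add_action(); the vulnerable variant is kept unhooked so it can be compared without ever being reachable.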

Plugin Deactivation
Platform: linux
Temporarily disable the vulnerable plugin:
wp plugin deactivate contentlock

🧯 If You Can't Patch

  • Implement strict access controls and limit admin session durations
  • Use browser extensions that block CSRF attempts and educate admins about phishing risks

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for ContentLock version 1.0.3 or earlier

Check Version:

wp plugin get contentlock --field=version

Verify Fix Applied:

Verify ContentLock plugin version is 1.0.4 or later in WordPress admin

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to /wp-admin/admin.php?page=contentlock from unusual sources
  • Unexpected changes to ContentLock settings

Network Indicators:

  • CSRF attack patterns in web traffic
  • Suspicious redirects to admin endpoints

SIEM Query:

source="wordpress.log" AND ("contentlock" OR "admin.php?page=contentlock") AND status=200
