Login Sign Up

CVE-2024-6024

8.8 HIGH
CSRF

📋 TL;DR

This vulnerability in the ContentLock WordPress plugin allows attackers to trick logged-in administrators into deleting groups or emails without their consent. Attackers can craft malicious requests that appear legitimate, exploiting the lack of CSRF protection. All WordPress sites using vulnerable versions of ContentLock are affected.

💻 Affected Systems

Products:
  • ContentLock WordPress Plugin
Versions: through 1.0.3
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with ContentLock plugin enabled and an administrator logged in.

📦 What is this software?

Contentlock by Adamsolymosi

View all CVEs affecting Contentlock →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could delete all groups and email configurations, disrupting content access controls and potentially causing data loss or service disruption.

🟠

Likely Case

Targeted deletion of specific groups or email addresses, compromising content access management and requiring administrative recovery.

🟢

If Mitigated

With proper CSRF tokens and user confirmation dialogs, the risk is eliminated as requests require explicit user intent.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering to trick an admin into clicking a malicious link while authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.4 or later

Vendor Advisory: https://wpscan.com/vulnerability/3d2cdb4f-b7e1-4691-90d1-cddde7f5858e/

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find ContentLock and click 'Update Now'. 4. Verify update to version 1.0.4 or higher.

🔧 Temporary Workarounds

Temporary Plugin Deactivation

all

Disable ContentLock plugin until patched to prevent exploitation.

wp plugin deactivate contentlock

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block CSRF attempts targeting ContentLock endpoints.
  • Educate administrators about phishing risks and require multi-step confirmation for sensitive actions.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for ContentLock version 1.0.3 or earlier.

Check Version:

wp plugin get contentlock --field=version

Verify Fix Applied:

Confirm ContentLock version is 1.0.4 or higher in WordPress admin plugins list.

📡 Detection & Monitoring

Log Indicators:

  • Unusual DELETE requests to /wp-admin/admin-ajax.php with action parameters related to ContentLock groups/emails
  • Multiple group/email deletion events from single admin session

Network Indicators:

  • HTTP POST requests to admin endpoints without Referer headers matching site domain
  • Suspicious redirects or iframes targeting admin users

SIEM Query:

source="wordpress.log" AND (uri_path="/wp-admin/admin-ajax.php") AND (http_method="POST") AND (form_data CONTAINS "action=contentlock_delete")

📊 Metadata

CVE ID: CVE-2024-6024
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-352
Published: July 12, 2024
Last Updated: May 15, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-6024, you might also want to check these:

CVE-2025-23922 10.0

A Cross-Site Request Forgery (CSRF) vulnerability in the Harsh iSpring Embedder WordPress plugin all...

Same vulnerability type (CWE-352)
CVE-2020-23426 9.8

CVE-2020-23426 is a privilege escalation vulnerability in zzcms 201910 that allows attackers to gain...

Same vulnerability type (CWE-352)
CVE-2024-33449 9.8

This SSRF vulnerability in PDFMyURL allows attackers to make the service send requests to internal s...

Same vulnerability type (CWE-352)