CVE-2024-6054 – The Auto Featured Image WordPress plugin allows... (How to Fix)

Q: What is the severity of CVE-2024-6054?

CVE-2024-6054 has a CVSS score of 8.8 (HIGH). The Auto Featured Image WordPress plugin allows authenticated users with contributor-level permissions or higher to upload arbitrary files due to missing file type validation. This vulnerability can lead to remote code execution on affected WordPress sites. All versions up to and including 1.2 are vulnerable.

📋 TL;DR

The Auto Featured Image WordPress plugin allows authenticated users with contributor-level permissions or higher to upload arbitrary files due to missing file type validation. This vulnerability can lead to remote code execution on affected WordPress sites. All versions up to and including 1.2 are vulnerable.

💻 Affected Systems

Products:

Auto Featured Image WordPress Plugin

Versions: All versions up to and including 1.2

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authenticated user with contributor role or higher. WordPress multisite installations may be affected differently.

📦 What is this software?

Auto Featured Image by Auto Featured Image Project

View all CVEs affecting Auto Featured Image →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete server compromise, data theft, malware deployment, or site defacement.

🟠

Likely Case

Unauthorized file upload leading to webshell installation and limited server access.

🟢

If Mitigated

File upload attempts are blocked or logged, with no successful exploitation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires contributor-level access. The vulnerability is straightforward to exploit once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.3 or later

Vendor Advisory: https://plugins.trac.wordpress.org/browser/auto-featured-image/tags/1.3/

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find Auto Featured Image plugin. 4. Click 'Update Now' if update is available. 5. If no update appears, manually download version 1.3+ from WordPress.org and replace the plugin files.

🔧 Temporary Workarounds

Disable Plugin

all

Temporarily disable the vulnerable plugin until patched.

wp plugin deactivate auto-featured-image

Restrict User Roles

all

Temporarily remove contributor roles or restrict file upload permissions.

🧯 If You Can't Patch

Implement web application firewall (WAF) rules to block suspicious file uploads.
Enable file integrity monitoring on WordPress uploads directory.

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin under Plugins > Installed Plugins. If version is 1.2 or lower, you are vulnerable.

Check Version:

wp plugin get auto-featured-image --field=version

Verify Fix Applied:

Verify plugin version is 1.3 or higher after update.

📡 Detection & Monitoring

Log Indicators:

Unusual file uploads to /wp-content/uploads/ via plugin endpoints
POST requests to auto-featured-image plugin URLs with file parameters

Network Indicators:

HTTP POST requests containing file uploads to plugin-specific endpoints

SIEM Query:

source="web_logs" AND (uri="*auto-featured-image*" AND method="POST" AND (file_upload="true" OR contains(content_type, "multipart/form-data")))

📊 Metadata

CVE ID: CVE-2024-6054

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-434

Published: June 27, 2024

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-6054, you might also want to check these: