CVE-2024-6319
📋 TL;DR
The IMGspider WordPress plugin allows authenticated attackers with contributor-level permissions or higher to upload arbitrary files due to missing file type validation. This vulnerability can lead to remote code execution on affected WordPress sites. All versions up to and including 2.3.10 are vulnerable.
💻 Affected Systems
- IMGspider WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise via remote code execution, allowing attackers to install backdoors, steal data, deface websites, or pivot to internal networks.
Likely Case
Website defacement, malware distribution, or credential theft through uploaded malicious files.
If Mitigated
Limited impact if file uploads are restricted at web server level or if contributor accounts are tightly controlled.
🎯 Exploit Status
Exploitation requires authenticated access with contributor permissions or higher. Simple file upload bypass techniques can be used.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.3.11 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3107741/imgspider
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the IMGspider plugin.
4. Click 'Update Now' if available.
5. If no update appears, manually download version 2.3.11+ from WordPress.org and replace the plugin files.
🔧 Temporary Workarounds
Disable IMGspider Plugin
Temporarily disable the vulnerable plugin until patched
wp plugin deactivate imgspider
Restrict File Uploads via .htaccess
Block execution of uploaded files in the uploads directory
Add to .htaccess in wp-content/uploads (Apache only; on Apache 2.4 the Order/Deny directives need mod_access_compat, otherwise use Require all denied):
<FilesMatch "\.(php|php5|phtml|pl|py|jsp|asp|sh|cgi)$">
Order Allow,Deny
Deny from all
</FilesMatch>
🧯 If You Can't Patch
- Remove contributor and author roles from untrusted users
- Implement web application firewall rules to block suspicious file uploads
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins for IMGspider version 2.3.10 or earlier
Check Version:
wp plugin get imgspider --field=version
Verify Fix Applied:
Confirm IMGspider version is 2.3.11 or later in WordPress plugins list
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to /wp-content/uploads/ via POST requests
- PHP/executable files uploaded by contributor-level users
- Multiple failed upload attempts with different file extensions
Network Indicators:
- POST requests to upload endpoints with non-image file types
- Traffic spikes to newly uploaded files in uploads directory
SIEM Query:
source="web_server" AND (uri_path="/wp-admin/admin-ajax.php" OR uri_path CONTAINS "imgspider") AND method="POST" AND (user_agent CONTAINS "curl" OR user_agent CONTAINS "wget" OR user_agent="-")
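The log and network indicators above, turned into a small scanner over web server access-log lines. This is an added example, not part of the advisory or of the plugin: it assumes combined log format, the sample lines are constructed (documentation IP ranges, and the ?action= value is a placeholder, not the plugin's real AJAX action name), and the blocked-extension list is the same one the .htaccess workaround uses.

```python
import re
from collections import Counter

# Constructed sample lines in combined log format. Not real traffic: the IPs are
# documentation ranges and "action=imgspider_placeholder" is a made-up value,
# not the plugin's actual AJAX action name.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jul/2024:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=imgspider_placeholder HTTP/1.1" 200 512 "-" "curl/8.0.1"
203.0.113.10 - - [10/Jul/2024:12:00:03 +0000] "GET /wp-content/uploads/2024/07/shell.php HTTP/1.1" 200 1024 "-" "curl/8.0.1"
198.51.100.7 - - [10/Jul/2024:12:01:00 +0000] "GET /wp-content/uploads/2024/07/photo.jpg HTTP/1.1" 200 20480 "https://blog.example/" "Mozilla/5.0"
198.51.100.7 - - [10/Jul/2024:12:02:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 64 "https://blog.example/wp-admin/" "Mozilla/5.0"
203.0.113.10 - - [10/Jul/2024:12:03:00 +0000] "POST /wp-content/uploads/x.phtml HTTP/1.1" 403 0 "-" "-"
"""

# Combined log format: ip ident user [ts] "METHOD path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Same extension list the .htaccess workaround blocks.
EXEC_EXT = re.compile(r'\.(php|php5|phtml|pl|py|jsp|asp|sh|cgi)$', re.IGNORECASE)
UPLOADS_PREFIX = "/wp-content/uploads/"


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(entry):
    """Return the advisory indicators that an entry matches (empty list if none)."""
    tags = []
    uri = entry["path"]
    path = uri.split("?", 1)[0]
    ua = entry["ua"].lower()

    # Mirrors the SIEM query: POST to admin-ajax.php or any imgspider path,
    # from a scripted client (curl, wget, or an empty "-" user agent).
    scripted = ua == "-" or "curl" in ua or "wget" in ua
    if entry["method"] == "POST" and scripted and (
        path == "/wp-admin/admin-ajax.php" or "imgspider" in uri.lower()
    ):
        tags.append("scripted_upload_endpoint")

    # Executable extension under the uploads tree: a POST is an upload attempt,
    # a GET is an attempt to run a file that should never have landed there.
    if path.startswith(UPLOADS_PREFIX) and EXEC_EXT.search(path):
        tags.append("exec_file_under_uploads")
    return tags


def scan(log_text):
    """Return flagged events (ip, method, path, status, tags) in log order."""
    events = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if not entry:
            continue
        tags = classify(entry)
        if tags:
            events.append({"ip": entry["ip"], "method": entry["method"],
                           "path": entry["path"], "status": entry["status"], "tags": tags})
    return events


def per_source(events):
    """Count flagged events per client IP so repeat offenders surface first."""
    return dict(Counter(e["ip"] for e in events))


if __name__ == "__main__":
    for e in scan(SAMPLE_LOG):
        print(e["ip"], e["method"], e["path"], e["status"], ",".join(e["tags"]))
    print(per_source(scan(SAMPLE_LOG)))
```

Run it against a real access log by passing the file's contents to scan(). Access logs do not record the WordPress user, so the "PHP files uploaded by contributor-level users" indicator needs an application-side audit log; this script covers only what the web server sees, and a 403 on a GET under uploads (as in the last sample line) is the signal that the .htaccess workaround is doing its job.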
🔗 References
- https://plugins.trac.wordpress.org/browser/imgspider/tags/2.3.10/classes/post.class.php#L189
- https://plugins.trac.wordpress.org/changeset/3107741/imgspider
- https://www.wordfence.com/threat-intel/vulnerabilities/id/63a4a077-c99e-4742-9fa1-f323fd24b950?source=cve