CVE-2024-6573

5.3 MEDIUM

📋 TL;DR

The Intelligence WordPress plugin up to version 1.4.0 allows unauthenticated attackers to retrieve the full server path via direct access to a PHP file with display_errors enabled. This information disclosure vulnerability doesn't cause direct damage but can aid attackers in exploiting other vulnerabilities. All WordPress sites using affected plugin versions are vulnerable.

💻 Affected Systems

Products:
  • WordPress Intelligence Plugin
Versions: All versions up to and including 1.4.0
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires display_errors to be enabled in PHP configuration, which is common in development/staging environments but less common in production.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers combine path disclosure with another vulnerability (like file inclusion or directory traversal) to achieve remote code execution or sensitive data exposure.

🟠 Likely Case

Attackers gather reconnaissance information about server structure to plan more sophisticated attacks against the WordPress installation.

🟢 If Mitigated

Minimal impact - attackers only obtain path information that doesn't directly compromise the system.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP request to vulnerable endpoint reveals full path in error messages.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 1.4.0

Vendor Advisory: https://plugins.trac.wordpress.org/browser/intelligence/trunk/

Restart Required: No

Instructions:

1. Update the Intelligence plugin to the latest version via the WordPress admin panel.
2. Alternatively, remove the plugin if it is not needed.
3. Verify the update by checking the plugin version in the WordPress admin panel.

🔧 Temporary Workarounds

Block direct access to vulnerable file

all

Add a rule to the WordPress root .htaccess that blocks access to the vulnerable PHP file. Note that Apache's <Files> directive matches only the file's base name, so a path-qualified <Files "vendor/.../index.php"> section never matches; use a path-based rule instead.

# Add to .htaccess in WordPress root (mod_alias):
RedirectMatch 403 ^/wp-content/plugins/intelligence/vendor/levelten/intel/realtime/index\.php$

# Alternative: place this in a .htaccess inside the realtime/ directory itself
# (Apache 2.4 syntax; on Apache 2.2 use "Order Allow,Deny" + "Deny from all"):
<Files "index.php">
    Require all denied
</Files>

Disable PHP display_errors

all

Set display_errors = Off in php.ini configuration

# In php.ini:
display_errors = Off
# Alternative in .htaccess (only takes effect under mod_php; with PHP-FPM
# set it in php.ini or a .user.ini file instead):
php_flag display_errors off

🧯 If You Can't Patch

  • Remove or disable the Intelligence plugin entirely
  • Implement web application firewall rules to block requests to /vendor/levelten/intel/realtime/index.php

🔍 How to Verify

Check if Vulnerable:

Access https://[your-site]/wp-content/plugins/intelligence/vendor/levelten/intel/realtime/index.php - if it returns a PHP error showing full server path, you're vulnerable.

Check Version:

Check WordPress admin panel > Plugins > Intelligence, or examine wp-content/plugins/intelligence/readme.txt file version
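The readme.txt check above can be scripted. The following is an added example written for this page, not the plugin's own code: it reads the "Stable tag:" header that the standard WordPress readme.txt format carries and compares it with the advisory's "up to and including 1.4.0" range. The readme text embedded here is a constructed sample with the standard field names, not the real Intelligence readme; a "trunk" tag or a missing tag is reported as unknown rather than guessed.

```python
import re

# Constructed sample of a WordPress plugin readme.txt header (not the real
# Intelligence plugin readme); the field names follow the standard format.
SAMPLE_README = """=== Intelligence ===
Contributors: example
Requires at least: 5.0
Tested up to: 6.5
Stable tag: 1.4.0
License: GPLv2 or later
"""

# From the advisory: all versions up to and including 1.4.0 are affected.
LAST_VULNERABLE = (1, 4, 0)


def stable_tag(readme_text):
    """Return the 'Stable tag:' value from a readme.txt, or None if absent."""
    m = re.search(r"^Stable tag:\s*(\S+)", readme_text, re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def parse_version(tag):
    """Turn '1.4.0' into (1, 4, 0); 'trunk', None or non-numeric tags give None."""
    if tag is None or tag.lower() == "trunk":
        return None
    nums = re.findall(r"\d+", tag)
    return tuple(int(n) for n in nums) if nums else None


def _pad(v, n):
    return v + (0,) * (n - len(v))


def is_affected(readme_text, last_vulnerable=LAST_VULNERABLE):
    """True if the installed version is <= the last vulnerable version,
    False if it is newer, None if the version cannot be determined
    (in which case verify manually in the WordPress admin panel)."""
    v = parse_version(stable_tag(readme_text))
    if v is None:
        return None
    n = max(len(v), len(last_vulnerable))
    return _pad(v, n) <= _pad(last_vulnerable, n)


def check_readme_file(path):
    """Convenience wrapper: read wp-content/plugins/intelligence/readme.txt from disk."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return is_affected(fh.read())


if __name__ == "__main__":
    print("affected:", is_affected(SAMPLE_README))
```

Run it against the real file with check_readme_file("wp-content/plugins/intelligence/readme.txt") from the WordPress root; a None result means the readme does not state a usable version and the admin panel should be consulted instead.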

Verify Fix Applied:

After update, access the same URL - should return 403/404 or generic error without path disclosure.

📡 Detection & Monitoring

Log Indicators:

  • HTTP 200/500 responses to /wp-content/plugins/intelligence/vendor/levelten/intel/realtime/index.php
  • PHP error logs containing full path disclosures

Network Indicators:

  • GET requests to vulnerable endpoint from unauthenticated sources

SIEM Query:

web.url:*intelligence/vendor/levelten/intel/realtime/index.php AND (http.status_code:200 OR http.status_code:500)
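For sites without a SIEM, the same indicators can be checked offline against the raw logs. The following is an added example written for this page, not a tool from the plugin vendor: it applies the log indicators listed above to Apache combined-format access log lines (requests to the vulnerable path answered with 200 or 500) and to PHP error log lines (messages that embed an absolute server path), then summarises hits per source IP. All log lines embedded here are constructed samples using documentation IP ranges, not real traffic.

```python
import re
from collections import Counter

# The vulnerable endpoint named in the advisory.
VULN_PATH = "/wp-content/plugins/intelligence/vendor/levelten/intel/realtime/index.php"
# Status codes the advisory lists as indicators; a 403 (blocked by the workaround)
# is deliberately not treated as a hit.
INDICATOR_STATUSES = {200, 500}

# Constructed sample access log (Apache combined format); not real traffic.
SAMPLE_ACCESS_LOG = """\
203.0.113.5 - - [10/Jul/2024:12:00:01 +0000] "GET /wp-content/plugins/intelligence/vendor/levelten/intel/realtime/index.php HTTP/1.1" 500 812 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jul/2024:12:00:02 +0000] "GET /wp-login.php HTTP/1.1" 200 4021 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jul/2024:12:05:17 +0000] "GET /wp-content/plugins/intelligence/vendor/levelten/intel/realtime/index.php?x=1 HTTP/1.1" 200 512 "-" "curl/8.4.0"
192.0.2.9 - - [10/Jul/2024:12:06:00 +0000] "GET /wp-content/plugins/intelligence/vendor/levelten/intel/realtime/index.php HTTP/1.1" 403 199 "-" "curl/8.4.0"
malformed line that should be skipped
"""

# Constructed sample PHP error log; the path is a typical layout, not a real host.
SAMPLE_PHP_ERROR_LOG = """\
[10-Jul-2024 12:00:01 UTC] PHP Warning:  Undefined variable $intel in /var/www/html/wp-content/plugins/intelligence/vendor/levelten/intel/realtime/index.php on line 7
[10-Jul-2024 12:00:05 UTC] PHP Notice:  cache miss for key abc
"""

ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# PHP's "in /abs/path/file.php on line N" and "file.php:N" forms.
PHP_PATH_RE = re.compile(r" in (?P<path>/\S+?\.php)(?::\d+| on line \d+)")


def parse_access_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = ACCESS_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["target"].split("?", 1)[0]   # drop the query string
    return rec


def find_access_hits(log_text):
    """Requests to the vulnerable file that got an indicator status code."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_access_line(line)
        if rec and rec["path"].lower().endswith(VULN_PATH) and rec["status"] in INDICATOR_STATUSES:
            hits.append(rec)
    return hits


def hits_by_ip(hits):
    """Count indicator hits per source IP (a Counter, most common first)."""
    return Counter(h["ip"] for h in hits)


def php_path_disclosures(error_log_text):
    """Absolute server paths that PHP error messages would expose if display_errors is on."""
    return [m.group("path") for m in PHP_PATH_RE.finditer(error_log_text)]


if __name__ == "__main__":
    hits = find_access_hits(SAMPLE_ACCESS_LOG)
    for ip, n in hits_by_ip(hits).most_common():
        print(f"{ip}: {n} indicator request(s)")
    for p in php_path_disclosures(SAMPLE_PHP_ERROR_LOG):
        print("path in error log:", p)
```

Feed real logs by replacing the sample strings with the contents of the access log and PHP error log; a non-empty result from php_path_disclosures on the web server's error output is itself a sign that display_errors is still enabled, independent of whether the plugin has been updated.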
