CVE-2024-6719
📋 TL;DR
This vulnerability in the Offload Videos WordPress plugin (versions before 1.0.1) allows an attacker to change the plugin's settings via Cross-Site Request Forgery (CSRF): the settings handler lacks a nonce (CSRF token) check, so a forged request submitted by a logged-in user's browser is accepted as if the user had made it. The attacker needs no account on the site; the victim is a logged-in user who is permitted to change the plugin's settings and who is tricked into loading a page the attacker controls. WordPress sites running a vulnerable version of this plugin are affected.
💻 Affected Systems
- Offload Videos WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Depending on what the plugin's settings control, an attacker could redirect video uploads or playback to a server they operate, alter the markup used for video embeds, or disable protective options, potentially leading to data theft or wider site compromise.
Likely Case
Attackers modify plugin settings to serve malicious content or redirect legitimate video traffic, potentially impacting site functionality and user experience.
If Mitigated
Once the plugin is updated to a version that verifies a nonce on the settings form, forged requests are rejected. Even on an unpatched site, every attack depends on luring a user who can change the settings to an attacker-controlled page while they hold a valid session; user awareness and modern browsers' SameSite=Lax default for cookies reduce the risk, but neither is a substitute for the patch.
🎯 Exploit Status
The attacker does not need an account on the target site. Exploitation requires social engineering: a logged-in user who is allowed to change the plugin's settings must be made to visit a page the attacker controls (for example through a phishing link) while their WordPress session cookie is valid.
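The gap between the vulnerable and the patched behavior comes down to one missing check. The following is an added illustration written for this page, not code from the Offload Videos plugin or its vendor; the menu slug `offload-videos` is the one this page uses, while the option name `ov_settings`, the nonce action `ov_save_settings`, the field names and the `manage_options` capability are assumptions. It is a plugin fragment and needs WordPress to run.

```php
<?php
// Added illustrative example, not code from the Offload Videos plugin.
// Assumptions: settings page under menu slug "offload-videos", option named
// "ov_settings", capability "manage_options". The real plugin's names are not
// shown on the advisory page.

// VULNERABLE pattern: saves whatever arrives in the POST body. A logged-in
// administrator who loads an attacker's page containing an auto-submitting
// form aimed at this handler gets their settings changed silently.
function ov_save_settings_vulnerable() {
    if ( isset( $_POST['ov_settings'] ) ) {
        update_option( 'ov_settings', wp_unslash( $_POST['ov_settings'] ) );
    }
}

// HARDENED pattern: three checks WordPress already provides.
function ov_save_settings_hardened() {
    if ( ! isset( $_POST['ov_settings'] ) ) {
        return;
    }
    // 1. Capability check: only users allowed to manage options may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // 2. Nonce check: the token is bound to the user's session and the action
    //    name, so a form on another origin cannot supply a valid one.
    //    check_admin_referer() stops the request with an error on failure.
    check_admin_referer( 'ov_save_settings', 'ov_nonce' );
    // 3. Sanitize before storing; one flat text field is assumed here.
    $raw   = (array) wp_unslash( $_POST['ov_settings'] );
    $clean = array( 'endpoint' => sanitize_text_field( $raw['endpoint'] ?? '' ) );
    update_option( 'ov_settings', $clean );
}

// The form that posts to the hardened handler must carry the matching nonce;
// wp_nonce_field() emits the hidden "ov_nonce" input that check_admin_referer()
// verifies.
function ov_render_settings_form() {
    $settings = (array) get_option( 'ov_settings', array() );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin.php?page=offload-videos' ) ); ?>">
        <?php wp_nonce_field( 'ov_save_settings', 'ov_nonce' ); ?>
        <input type="text" name="ov_settings[endpoint]"
               value="<?php echo esc_attr( $settings['endpoint'] ?? '' ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// Process submissions early in the admin request; the nonce check runs before
// any option is written.
add_action( 'admin_init', 'ov_save_settings_hardened' );
```

The capability check alone does not stop CSRF, because the forged request arrives with the victim's own cookies and therefore passes `current_user_can()`; only the nonce, which the attacker's page cannot read, ties the request to a form the user actually loaded.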
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.1
Vendor Advisory: https://wpscan.com/vulnerability/1dc7caac-a36e-4313-a8be-c6b13e564924/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'Offload Videos' plugin.
4. Click 'Update Now' if available, or manually update to version 1.0.1 or later.
5. Verify the plugin version in the plugin details.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
Disable the vulnerable plugin until it is patched:
wp plugin deactivate offload-videos
CSRF Protection via WordPress Security Plugin
Security plugins such as Wordfence or iThemes Security can add request-filtering rules in front of the admin area, but they do not add nonce checks to a third-party plugin's forms. Treat them as defense in depth, not as a fix for this issue.
🧯 If You Can't Patch
- Remove plugin entirely if not essential for site functionality
- Implement strict user access controls and educate users about phishing risks
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins → Offload Videos → Version number. If the version is below 1.0.1, the site is vulnerable.
Check Version:
wp plugin get offload-videos --field=version
Verify Fix Applied:
Verify that the plugin version shows 1.0.1 or higher in the WordPress admin panel, and confirm that the settings page still saves correctly through its own form.
📡 Detection & Monitoring
Log Indicators:
- Changes to the Offload Videos settings that the responsible administrator does not recognize, particularly ones made shortly after that user followed an external link
- WordPress core does not log nonce failures, and the vulnerable version performs no nonce check at all, so "failed CSRF validations" will not appear in any log. An audit-logging plugin that records option changes together with the acting user and the request's Referer is the practical source for this indicator.
Network Indicators:
- POST requests to the plugin's settings page (this page assumes /wp-admin/admin.php?page=offload-videos; confirm the exact path on your install) whose Origin or Referer header is missing or names a host other than your own site. Because CSRF rides on the victim's session, these requests arrive from legitimate administrator accounts; filtering on non-administrator roles would miss them.
SIEM Query (pseudo-SPL; adjust field names and the site host to your log source):
source="wordpress" AND http_method="POST" AND uri_path="/wp-admin/admin.php" AND uri_query="page=offload-videos*" AND NOT (http_origin="https://your-site.example" OR http_referer="https://your-site.example/*")
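The same cross-site test the query expresses, as an added example written for this page (not code from the plugin or the vendor): a pure function that classifies an admin-area request by its Origin and Referer headers, plus an optional must-use plugin wrapper that logs hits from inside WordPress. The site host `blog.example`, the log prefix `CSRF-CANDIDATE` and the sample requests are constructed for the demonstration.

```php
<?php
// Added detection example, not part of the advisory or the plugin. The victim's
// own session makes a forged request look like a legitimate administrator
// action, so user role is useless as a filter; the Origin/Referer headers are
// what differ between a real settings save and a cross-site one.

/**
 * Classify an admin-area request. Returns a reason string for a cross-site
 * looking POST, or null when the request looks same-origin (or is not a POST).
 */
function ov_cross_site_reason( string $method, ?string $origin, ?string $referer, string $site_host ): ?string {
    if ( strtoupper( $method ) !== 'POST' ) {
        return null;
    }
    $site_host = strtolower( $site_host );
    // Browsers send Origin on cross-site POSTs; it is the stronger signal, so
    // prefer it whenever it is present. A literal "null" Origin is opaque.
    if ( $origin === 'null' ) {
        return 'origin_null';
    }
    if ( $origin !== null && $origin !== '' ) {
        $host = parse_url( $origin, PHP_URL_HOST );
        return ( $host !== null && strtolower( $host ) === $site_host ) ? null : "origin_mismatch:$origin";
    }
    // Fall back to Referer. Absence of both headers on an admin POST is itself
    // unusual for a browser-driven settings save.
    if ( $referer === null || $referer === '' ) {
        return 'no_origin_no_referer';
    }
    $host = parse_url( $referer, PHP_URL_HOST );
    return ( $host !== null && strtolower( $host ) === $site_host ) ? null : "referer_mismatch:$referer";
}

if ( function_exists( 'add_action' ) ) {
    // Running inside WordPress, e.g. as wp-content/mu-plugins/ov-csrf-monitor.php:
    // log every cross-site looking POST to the admin area with user and page.
    add_action( 'admin_init', function () {
        $reason = ov_cross_site_reason(
            $_SERVER['REQUEST_METHOD'] ?? 'GET',
            $_SERVER['HTTP_ORIGIN'] ?? null,
            $_SERVER['HTTP_REFERER'] ?? null,
            (string) parse_url( home_url(), PHP_URL_HOST )
        );
        if ( $reason !== null ) {
            error_log( sprintf( 'CSRF-CANDIDATE user=%s page=%s reason=%s',
                wp_get_current_user()->user_login,
                sanitize_text_field( $_GET['page'] ?? '' ),
                $reason ) );
        }
    } );
} else {
    // Stand-alone self-check over constructed requests (run: php this-file.php).
    $site  = 'blog.example';
    $cases = array(
        // method, Origin, Referer, expected reason
        array( 'POST', 'https://blog.example', null, null ),
        array( 'POST', null, 'https://blog.example/wp-admin/admin.php?page=offload-videos', null ),
        array( 'POST', 'https://evil.example', 'https://evil.example/lure.html', 'origin_mismatch:https://evil.example' ),
        array( 'POST', null, 'https://evil.example/lure.html', 'referer_mismatch:https://evil.example/lure.html' ),
        array( 'POST', 'null', null, 'origin_null' ),
        array( 'POST', null, null, 'no_origin_no_referer' ),
        array( 'GET', null, null, null ),
    );
    foreach ( $cases as $c ) {
        $got = ov_cross_site_reason( $c[0], $c[1], $c[2], $site );
        if ( $got !== $c[3] ) {
            fwrite( STDERR, "unexpected result for {$c[0]} {$c[1]} {$c[2]}: " . var_export( $got, true ) . "\n" );
            exit( 1 );
        }
        printf( "%-4s origin=%-22s referer=%-62s -> %s\n",
            $c[0], var_export( $c[1], true ), var_export( $c[2], true ), $got ?? 'same-origin' );
    }
}
```

Expect some noise from non-browser clients that reach admin-ajax.php without a Referer, and from visitors whose browser sends no Referer because of a strict Referrer-Policy; tune on the `page` value rather than suppressing the `no_origin_no_referer` case outright, since a forged request from a page that sets `referrerpolicy="no-referrer"` lands in exactly that bucket.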