CVE-2024-6755
📋 TL;DR
The Social Auto Poster WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to delete arbitrary posts. This affects all versions up to and including 5.3.14. WordPress sites using this plugin are vulnerable to content deletion attacks.
💻 Affected Systems
- Social Auto Poster WordPress Plugin
📦 What is this software?
Social Auto Poster by Wpwebinfotech
⚠️ Risk & Real-World Impact
Worst Case
Complete deletion of all website content including posts, pages, and custom post types, leading to data loss and website defacement.
Likely Case
Selective deletion of important posts or pages, causing content disruption and potential SEO damage.
If Mitigated
No impact if plugin is patched or disabled, or if proper web application firewall rules block the vulnerable endpoint.
🎯 Exploit Status
The vulnerability is simple to exploit via crafted HTTP requests to the vulnerable endpoint. Public proof-of-concept code is available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.3.15 or later
Vendor Advisory: https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Social Auto Poster and click 'Update Now'.
4. Verify the plugin version is 5.3.15 or higher.
🔧 Temporary Workarounds
Disable the vulnerable plugin
Temporarily deactivate the Social Auto Poster plugin until it is patched
wp plugin deactivate social-auto-poster
Block vulnerable endpoint via WAF
Add a WAF rule to block requests to the vulnerable function endpoint
Block POST requests containing 'wpw_auto_poster_quick_delete_multiple' parameter
🧯 If You Can't Patch
- Implement strict web application firewall rules to block exploitation attempts
- Enable comprehensive logging and monitoring for post deletion activities
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Social Auto Poster version. If version is 5.3.14 or lower, you are vulnerable.
Check Version:
wp plugin get social-auto-poster --field=version
Verify Fix Applied:
After updating, verify plugin version shows 5.3.15 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to admin-ajax.php with 'wpw_auto_poster_quick_delete_multiple' parameter
- Multiple post deletions triggered by unauthenticated requests, especially many from the same source IP
- 404 errors for previously existing posts
Network Indicators:
- HTTP POST requests to /wp-admin/admin-ajax.php with suspicious parameters
- Unusual traffic patterns to WordPress admin endpoints
SIEM Query:
source="wordpress.log" AND "wpw_auto_poster_quick_delete_multiple" AND response_code=200
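The log indicators above can be checked offline against web server access logs. The following is an added example, not part of the original advisory or the plugin's code: it parses Apache/Nginx combined-format lines, flags POST requests to admin-ajax.php whose action parameter is the vulnerable one, and counts the requests that got a 200 (the endpoint answered, so on an unpatched site the deletion likely went through). It assumes the action is passed in the query string, since combined logs do not record POST bodies; the sample log lines are constructed.

```python
"""Offline detector for CVE-2024-6755 indicators in combined-format access logs."""
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Parameter name from the advisory; the path is WordPress's standard AJAX endpoint.
VULN_ACTION = "wpw_auto_poster_quick_delete_multiple"
AJAX_PATH = "/wp-admin/admin-ajax.php"

# Combined log format: ip - - [time] "METHOD target HTTP/x" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) '
    r'(?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_exploit_attempt(entry):
    """True when a POST hits admin-ajax.php with the vulnerable action in the URL."""
    if entry is None or entry["method"] != "POST":
        return False
    parts = urlsplit(entry["target"])
    if parts.path != AJAX_PATH:
        return False
    return VULN_ACTION in parse_qs(parts.query).get("action", [])

def scan(lines):
    """Return (successful_requests_per_ip, all_attempts).
    A 200 means the endpoint answered; a 403 usually means a WAF blocked it."""
    attempts, successes = [], Counter()
    for line in lines:
        e = parse_line(line)
        if is_exploit_attempt(e):
            attempts.append(e)
            if e["status"] == "200":
                successes[e["ip"]] += 1
    return successes, attempts

# Constructed sample log lines (not real traffic; RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jul/2024:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=wpw_auto_poster_quick_delete_multiple HTTP/1.1" 200 27 "-" "curl/8.0"',
    '203.0.113.5 - - [10/Jul/2024:12:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=wpw_auto_poster_quick_delete_multiple HTTP/1.1" 200 27 "-" "curl/8.0"',
    '198.51.100.9 - - [10/Jul/2024:12:00:03 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 52 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jul/2024:12:00:04 +0000] "POST /wp-admin/admin-ajax.php?action=wpw_auto_poster_quick_delete_multiple HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
]
```

Feed real log lines to `scan()` and treat any entry in the successes counter as a site that needs the post table checked against backups.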
🔗 References
- https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169
- https://www.wordfence.com/threat-intel/vulnerabilities/id/d9b1044d-6858-498f-9b89-352650061858?source=cve