CVE-2024-6756
📋 TL;DR
The Social Auto Poster WordPress plugin allows authenticated users with Contributor-level permissions or higher to upload arbitrary files due to missing file type validation. This vulnerability can lead to remote code execution on affected WordPress sites. Attackers can combine this with CVE-2024-6754 to exploit with lower Subscriber-level access.
💻 Affected Systems
- Social Auto Poster WordPress Plugin
📦 What is this software?
Social Auto Poster by Wpwebinfotech
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise via remote code execution, allowing attackers to install backdoors, steal data, deface websites, or use the server for malicious activities.
Likely Case
Website defacement, malware injection, data theft, or use as part of a botnet for distributed attacks.
If Mitigated
Limited impact if execution of uploaded files is blocked at the web server level or if file type validation is enforced elsewhere in the upload path.
🎯 Exploit Status
Requires authenticated access (Contributor or higher). Combined with CVE-2024-6754, Subscriber access is sufficient. Simple file upload bypass technique.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.3.15 or later
Vendor Advisory: https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find Social Auto Poster.
4. Click 'Update Now' if available.
5. If no update is shown, download the latest version from CodeCanyon and update manually.
🔧 Temporary Workarounds
Disable Plugin
Temporarily disable the vulnerable plugin until patched
wp plugin deactivate social-auto-poster
Restrict File Uploads
Configure the web server to block execution of uploaded files in upload directories
Add 'Options -ExecCGI' and 'RemoveHandler .php .php5 .phtml' to .htaccess in wp-content/uploads. Note that RemoveHandler only undoes mod_php handler mappings; where PHP is served through php-fpm (SetHandler or a proxy), also deny direct access to script files in that directory, for example with a FilesMatch block on those extensions that sets 'Require all denied', and confirm AllowOverride permits .htaccess for that path.
🧯 If You Can't Patch
- Remove Contributor and Subscriber user roles or restrict their capabilities
- Implement web application firewall rules to block malicious file upload patterns
🔍 How to Verify
Check if Vulnerable:
In the WordPress admin panel, go to Plugins and check the Social Auto Poster version. If the version is 5.3.14 or lower, the site is vulnerable.
Check Version:
wp plugin get social-auto-poster --field=version
Verify Fix Applied:
Verify plugin version is 5.3.15 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to wp-content/uploads directory
- POST requests to wpw_auto_poster_get_image_path endpoint with unexpected file types
- Execution of PHP files from upload directories
Network Indicators:
- HTTP POST requests with file uploads to plugin-specific endpoints
- Unexpected outbound connections from web server after file uploads
SIEM Query:
source="web_logs" AND (uri="*wpw_auto_poster*" AND method="POST" AND (file_extension="php" OR file_extension="phtml" OR file_extension="php5"))
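The log indicators and the SIEM query above can be checked offline against a web server access log. The following Python script is an added example, not code from the advisory or the plugin vendor: it parses Apache combined-format lines, flags POST requests to wpw_auto_poster endpoints and requests for .php/.php5/.phtml files under wp-content/uploads, and raises the severity for a client that does both (the upload-then-execute chain the advisory describes). The log lines are constructed for the example; the rule names and severity levels are this example's own choices.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines in Apache "combined" format; these are
# illustrative, not captured from a real site.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Jul/2024:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=wpw_auto_poster_get_image_path HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Jul/2024:10:01:09 +0000] "GET /wp-content/uploads/2024/07/image.phtml HTTP/1.1" 200 88 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Jul/2024:10:02:00 +0000] "GET /wp-content/uploads/2024/07/photo.jpg HTTP/1.1" 200 34021 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Jul/2024:10:02:30 +0000] "POST /wp-admin/admin-ajax.php?action=wpw_auto_poster_get_image_path HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.55 - - [12/Jul/2024:10:03:00 +0000] "GET /wp-content/uploads/2024/07/cache.php5 HTTP/1.1" 404 200 "-" "curl/8.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Script extensions under wp-content/uploads, matching the advisory's .htaccess list.
UPLOAD_SCRIPT_RE = re.compile(r"^/wp-content/uploads/.*\.(?:php\d?|phtml)$", re.I)
PLUGIN_MARKER = "wpw_auto_poster"


def parse_line(line):
    """Return the fields needed from one combined-format line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["status"] = int(d["status"])
    d["path"] = d["target"].split("?", 1)[0]  # drop the query string for path checks
    return d


def classify(entry):
    """Map one parsed request onto the advisory's log indicators (rule names are ours)."""
    rules = []
    if entry["method"] == "POST" and PLUGIN_MARKER in entry["target"]:
        rules.append("PLUGIN_POST")
    if UPLOAD_SCRIPT_RE.match(entry["path"]):
        served = 200 <= entry["status"] < 300
        rules.append("UPLOAD_SCRIPT_SERVED" if served else "UPLOAD_SCRIPT_REQUEST")
    return rules


def scan(log_text):
    """Return one finding per matched rule as (ip, rule, path, status)."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        for rule in classify(entry):
            findings.append((entry["ip"], rule, entry["path"], entry["status"]))
    return findings


def correlate(findings):
    """Per-client severity: a plugin POST plus a script served from uploads is the
    full chain; a served script alone is still high; a 404 for a script is an
    attempt worth review; a plugin POST alone may be normal use."""
    by_ip = defaultdict(set)
    for ip, rule, _path, _status in findings:
        by_ip[ip].add(rule)
    severity = {}
    for ip, rules in by_ip.items():
        if "UPLOAD_SCRIPT_SERVED" in rules and "PLUGIN_POST" in rules:
            severity[ip] = "critical"
        elif "UPLOAD_SCRIPT_SERVED" in rules:
            severity[ip] = "high"
        elif "UPLOAD_SCRIPT_REQUEST" in rules:
            severity[ip] = "medium"
        else:
            severity[ip] = "low"  # plugin use only; review what was uploaded
    return severity


if __name__ == "__main__":
    for ip, level in sorted(correlate(scan(SAMPLE_LOG)).items()):
        print(f"{ip:15} {level}")
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents; a "critical" client is the one to investigate first, and any "high" or "medium" hit for a script path under wp-content/uploads indicates the .htaccess hardening above is either absent or not being honoured.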
🔗 References
- https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169
- https://www.wordfence.com/threat-intel/vulnerabilities/id/24e00c0d-08ff-4c68-a1dd-77b513545efd?source=cve