CVE-2024-6836

4.3 MEDIUM

📋 TL;DR

This vulnerability allows authenticated WordPress users with Contributor-level access or higher to modify plugin settings without proper authorization. Attackers can update templates, designs, checkouts, and other critical plugin configurations. All WordPress sites using the vulnerable Funnel Builder plugin are affected.

💻 Affected Systems

Products:
  • Funnel Builder for WordPress by FunnelKit
Versions: All versions up to and including 3.4.6
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the vulnerable plugin enabled. Contributor-level access or higher is needed to exploit.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could modify checkout pages to steal payment information, redirect users to malicious sites, or disrupt e-commerce functionality entirely.

🟠 Likely Case

Attackers with legitimate contributor accounts could deface checkout pages, modify pricing, or disrupt sales funnel operations.

🟢 If Mitigated

With proper user access controls and monitoring, impact is limited to unauthorized configuration changes that can be detected and reverted.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once an attacker has contributor-level credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.4.7

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3123202/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins.
3. Find 'Funnel Builder for WordPress by FunnelKit'.
4. Click 'Update Now' or manually update to version 3.4.7 or later.

🔧 Temporary Workarounds

Temporarily disable plugin

all

Disable the vulnerable plugin until patching is possible

wp plugin deactivate funnel-builder

Restrict user roles

all

Temporarily remove Contributor and higher roles from untrusted users

wp user remove-role <username> contributor
wp user remove-role <username> author
wp user remove-role <username> editor

🧯 If You Can't Patch

  • Implement strict user access controls and review all users with Contributor or higher roles
  • Enable detailed logging of plugin configuration changes and monitor for unauthorized modifications

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Funnel Builder for WordPress by FunnelKit. If version is 3.4.6 or lower, you are vulnerable.

Check Version:

wp plugin get funnel-builder --field=version

Verify Fix Applied:

After updating, verify plugin version shows 3.4.7 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual plugin configuration changes from contributor-level users
  • Multiple settings updates in short timeframes
  • Changes to checkout or funnel templates

Network Indicators:

  • Unusual AJAX requests to /wp-admin/admin-ajax.php with funnel-builder actions

SIEM Query:

source="wordpress.log" AND (plugin="funnel-builder" OR action="wfacp_*") AND user_role="contributor"
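The SIEM query above expresses the detection idea; the following is an added Python example (not part of this advisory or of the FunnelKit plugin) that applies the same logic to a constructed audit log: flag admin-ajax requests with `wfacp_*` actions from contributor, author or editor accounts, and additionally flag a burst of such changes from one user within a short window. The JSON field names (`ts`, `user`, `role`, `uri`, `action`) and the sample lines are assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit-log lines, one JSON object per line.
# Field names are an assumption, not a format produced by WordPress or the plugin.
SAMPLE_LOG = """
{"ts":"2024-07-01T10:00:01Z","user":"alice","role":"administrator","uri":"/wp-admin/admin-ajax.php","action":"wfacp_save_template"}
{"ts":"2024-07-01T10:05:10Z","user":"bob","role":"contributor","uri":"/wp-admin/admin-ajax.php","action":"wfacp_update_checkout"}
{"ts":"2024-07-01T10:05:12Z","user":"bob","role":"contributor","uri":"/wp-admin/admin-ajax.php","action":"wfacp_save_design"}
{"ts":"2024-07-01T10:05:15Z","user":"bob","role":"contributor","uri":"/wp-admin/admin-ajax.php","action":"wfacp_save_template"}
{"ts":"2024-07-01T11:00:00Z","user":"carol","role":"author","uri":"/wp-admin/admin-ajax.php","action":"heartbeat"}
{"ts":"2024-07-01T11:30:00Z","user":"dave","role":"editor","uri":"/wp-admin/admin-ajax.php","action":"wfacp_save_template"}
"""

# Roles that should never be changing funnel/checkout configuration.
LOW_PRIV_ROLES = {"contributor", "author", "editor"}


def parse_log(text):
    """Parse one JSON object per non-empty line."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def flag_events(events, burst_n=3, window=timedelta(minutes=5)):
    """Return alerts: every wfacp_* admin-ajax call by a low-privilege role,
    plus one 'burst' alert per user who made burst_n such calls within window."""
    alerts = []
    per_user = defaultdict(list)
    for e in events:
        if not (e["uri"].endswith("/admin-ajax.php") and e["action"].startswith("wfacp_")):
            continue
        if e["role"] not in LOW_PRIV_ROLES:
            continue
        alerts.append({"kind": "low_priv_funnel_change", **e})
        per_user[e["user"]].append(datetime.fromisoformat(e["ts"].replace("Z", "+00:00")))
    for user, times in per_user.items():
        times.sort()
        for i in range(len(times) - burst_n + 1):
            if times[i + burst_n - 1] - times[i] <= window:
                alerts.append({"kind": "burst", "user": user, "count": burst_n})
                break
    return alerts


if __name__ == "__main__":
    for alert in flag_events(parse_log(SAMPLE_LOG)):
        print(alert)
```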
