Login Sign Up

CVE-2024-7258

8.8 HIGH
Remote Code Execution Authentication Bypass

📋 TL;DR

The WooCommerce Google Feed Manager WordPress plugin has a vulnerability that allows authenticated users with Contributor-level access or higher to delete arbitrary files on the server. This can lead to remote code execution if critical files like wp-config.php are deleted. All WordPress sites using this plugin up to version 2.8.0 are affected.

💻 Affected Systems

Products:
  • WooCommerce Google Feed Manager (WP Product Feed Manager)
Versions: All versions up to and including 2.8.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress with the vulnerable plugin installed and at least one user with Contributor role or higher.

📦 What is this software?

Woocommerce Google Feed Manager by Wpmarketingrobot

View all CVEs affecting Woocommerce Google Feed Manager →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete site compromise via remote code execution leading to data theft, defacement, or malware installation.

🟠

Likely Case

Site disruption or data loss from deletion of important files, potentially requiring restoration from backups.

🟢

If Mitigated

Minimal impact if proper access controls and file permissions are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once credentials are obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.8.1

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3137475/

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'WooCommerce Google Feed Manager' and click 'Update Now'. 4. Verify version is 2.8.1 or higher.

🔧 Temporary Workarounds

Disable Plugin

all

Temporarily deactivate the vulnerable plugin until patched.

wp plugin deactivate wp-product-feed-manager

Restrict User Roles

all

Remove Contributor and higher roles from untrusted users.

🧯 If You Can't Patch

  • Implement strict file permissions (e.g., 644 for files, 755 for directories) to limit deletion capabilities.
  • Monitor and audit file deletion activities, especially from authenticated users.

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin under Plugins > Installed Plugins.

Check Version:

wp plugin get wp-product-feed-manager --field=version

Verify Fix Applied:

Confirm plugin version is 2.8.1 or higher after update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file deletion events in WordPress or web server logs
  • AJAX requests to wppfm_removeFeedFile function

Network Indicators:

  • POST requests to /wp-admin/admin-ajax.php with action=wppfm_removeFeedFile

SIEM Query:

source="wordpress.log" AND "wppfm_removeFeedFile"

📊 Metadata

CVE ID: CVE-2024-7258
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-862
Published: August 23, 2024
Last Updated: September 27, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-7258, you might also want to check these:

CVE-2024-6071 10.0

CVE-2024-6071 is a critical remote code execution vulnerability in PTC Creo Elements/Direct License ...

Same vulnerability type (CWE-862)
CVE-2022-0543 10.0

CVE-2022-0543 is a critical Lua sandbox escape vulnerability in Redis on Debian-based systems that a...

Same vulnerability type (CWE-862)
CVE-2024-6500 10.0

This vulnerability allows unauthenticated attackers to read and delete arbitrary files on WordPress ...

Same vulnerability type (CWE-862)