CVE-2024-7415
📋 TL;DR
The Remember Me Controls WordPress plugin up to version 2.0.1 allows unauthenticated attackers to retrieve the full server path via direct access to bootstrap.php with display_errors enabled. This information disclosure vulnerability affects all WordPress sites using vulnerable plugin versions. While not directly damaging, the exposed path information can assist attackers in exploiting other vulnerabilities.
💻 Affected Systems
- WordPress Remember Me Controls plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers combine path disclosure with other vulnerabilities (like file inclusion or directory traversal) to achieve remote code execution, data theft, or complete system compromise.
Likely Case
Attackers gather reconnaissance information about server structure to plan more sophisticated attacks against the WordPress installation.
If Mitigated
Minimal impact as path disclosure alone doesn't compromise systems, though it still provides attackers with useful reconnaissance data.
🎯 Exploit Status
Exploitation requires only a simple HTTP request to the vulnerable file. The vulnerability is publicly documented, with a proof-of-concept available in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.2 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Remember Me Controls' and click 'Update Now' if available.
4. Alternatively, download version 2.0.2+ from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Remove vulnerable file
Linux: Delete or restrict access to the vulnerable bootstrap.php file in the plugin's test directory (the command below removes the whole tests/ directory, which is not needed in production; replace /path/to with your WordPress root)
rm -rf /path/to/wp-content/plugins/remember-me-controls/tests/
Block access via .htaccess
All platforms: Prevent direct access to the vulnerable file using web server configuration (the Order/Deny syntax below is for Apache 2.2, or Apache 2.4 with mod_access_compat; on plain Apache 2.4 use the equivalent Require all denied directive)
<Files "bootstrap.php">
Order Allow,Deny
Deny from all
</Files>
🧯 If You Can't Patch
- Deactivate the Remember Me Controls plugin completely until patched
- Implement web application firewall rules to block requests to /tests/ directory paths
🔍 How to Verify
Check if Vulnerable:
Access https://yoursite.com/wp-content/plugins/remember-me-controls/tests/phpunit/bootstrap.php - if it returns server path information, the site is vulnerable.
Check Version:
Check the version number on the WordPress admin Plugins page, or examine /wp-content/plugins/remember-me-controls/readme.txt
Verify Fix Applied:
Attempt the same access after patching - it should return a 403/404 error or a blank page without path disclosure.
📡 Detection & Monitoring
Log Indicators:
- HTTP 200 requests to /wp-content/plugins/remember-me-controls/tests/phpunit/bootstrap.php
- Unusual requests to plugin test directories
Network Indicators:
- GET requests to bootstrap.php file paths from external IPs
SIEM Query:
source="web_access_logs" AND uri="/wp-content/plugins/remember-me-controls/tests/phpunit/bootstrap.php" AND status=200
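The SIEM query above only matches successful hits; probes that were already blocked (403/404) are still worth flagging as reconnaissance. The following Python script is an added example, not part of the advisory, that runs the same detection over combined-format access log lines (constructed sample lines, placeholder IPs), rating a 200 on the bootstrap.php path as high severity and any other request under the plugin's tests/ directory as medium:

```python
import re
from typing import Iterable, Optional

# Vulnerable file and its parent test directory, as stated in the advisory.
VULN_PATH = "/wp-content/plugins/remember-me-controls/tests/phpunit/bootstrap.php"
TEST_DIR_PREFIX = "/wp-content/plugins/remember-me-controls/tests/"

# Apache/nginx "combined" log format: ip ident user [ts] "METHOD uri proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log (not real traffic); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Aug/2024:12:01:02 +0000] "GET /wp-content/plugins/remember-me-controls/tests/phpunit/bootstrap.php HTTP/1.1" 200 512 "-" "curl/8.4.0"
203.0.113.7 - - [10/Aug/2024:12:01:05 +0000] "GET /wp-content/plugins/remember-me-controls/tests/ HTTP/1.1" 403 199 "-" "curl/8.4.0"
198.51.100.4 - - [10/Aug/2024:12:02:10 +0000] "GET /wp-login.php HTTP/1.1" 200 4092 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Aug/2024:12:03:00 +0000] "GET /wp-content/plugins/remember-me-controls/tests/phpunit/bootstrap.php?x=1 HTTP/1.1" 404 0 "-" "python-requests/2.31"
"""

def parse_line(line: str) -> Optional[dict]:
    """Parse one access log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    # Drop the query string so ?cache-busting suffixes cannot evade the path match.
    entry["uri"] = entry["uri"].split("?", 1)[0]
    return entry

def severity(entry: dict) -> Optional[str]:
    """HIGH: the disclosure actually succeeded (200). MEDIUM: probing of the tests/ dir."""
    if entry["uri"] == VULN_PATH and entry["status"] == 200:
        return "HIGH"
    if entry["uri"].startswith(TEST_DIR_PREFIX):
        return "MEDIUM"
    return None

def scan(lines: Iterable[str]) -> list:
    """Return (severity, source ip, uri) for every line that merits an alert."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        sev = severity(entry)
        if sev:
            hits.append((sev, entry["ip"], entry["uri"]))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(*hit)
```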
🔗 References
- https://plugins.trac.wordpress.org/browser/remember-me-controls/tags/2.0.1/tests/phpunit/bootstrap.php
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3146603%40remember-me-controls&new=3146603%40remember-me-controls&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/01707346-86c2-45c8-a2c9-81a147506fa4?source=cve