CVE-2024-7425
📋 TL;DR
The WP ALL Export Pro WordPress plugin has an authentication bypass vulnerability that allows authenticated attackers with Shop Manager or higher privileges to modify WordPress site options. This can be exploited to change user registration settings and create administrator accounts, leading to complete site compromise. All WordPress sites using WP ALL Export Pro version 1.9.1 or earlier are affected.
💻 Affected Systems
- WP ALL Export Pro WordPress Plugin
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover where attackers gain administrative access, can install backdoors, steal data, deface the site, or use it for further attacks.
Likely Case
Attackers with existing Shop Manager access escalate to full administrator privileges, enabling data theft, plugin/theme manipulation, and persistent backdoor installation.
If Mitigated
With proper access controls and monitoring, unauthorized privilege escalation attempts are detected and blocked before successful exploitation.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker has Shop Manager credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.9.2 or later
Vendor Advisory: https://www.wpallimport.com/upgrade-to-wp-all-export-pro/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find WP ALL Export Pro and click 'Update Now'.
4. Verify the version is 1.9.2 or higher.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate WP ALL Export Pro until patched
wp plugin deactivate wp-all-export-pro
Restrict user roles
Remove Shop Manager and similar elevated roles from untrusted users
wp user list --role=shop_manager
wp user set-role <username> customer
🧯 If You Can't Patch
- Implement strict access controls and monitor all users with Shop Manager or higher privileges
- Enable WordPress security plugins with privilege escalation detection and disable user registration
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → WP ALL Export Pro version. If version is 1.9.1 or lower, you are vulnerable.
Check Version:
wp plugin get wp-all-export-pro --field=version
Verify Fix Applied:
Verify WP ALL Export Pro version is 1.9.2 or higher in WordPress admin plugins page.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized option updates in WordPress debug logs
- User role changes from shop_manager to administrator
- New administrator account creation
Network Indicators:
- HTTP POST requests to wp-admin/admin-ajax.php with option modification parameters
SIEM Query:
source="wordpress" AND (event="option_update" OR event="user_role_change") AND user_role="shop_manager"
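The "If You Can't Patch" controls and the log indicators above can be enforced inside WordPress itself. The following mu-plugin is an added example written for this advisory, not code from WP ALL Export Pro or its vendor; it assumes only the standard WordPress hooks updated_option, pre_update_option_{$option} and set_user_role, and the names pog_* are hypothetical. It logs option writes by users who lack manage_options, blocks those users from changing the registration options an attacker would target, and records any promotion to administrator (including newly created administrator accounts).

```php
<?php
/**
 * Plugin Name: Privileged Option Guard (example mu-plugin, not part of WP All Export Pro)
 * Drop into wp-content/mu-plugins/. Assumes the standard WordPress hooks
 * updated_option, pre_update_option_{$option} and set_user_role.
 */

// Options the advisory says an attacker would change to open registration
// and hand out administrator accounts.
const POG_GUARDED_OPTIONS = ['users_can_register', 'default_role'];

function pog_actor_label(): string {
    $user = wp_get_current_user();
    if (!$user || 0 === $user->ID) {
        return 'no-user (cron/cli/unauthenticated)';
    }
    return sprintf('%s (ID %d, roles: %s)', $user->user_login, $user->ID, implode(',', $user->roles));
}

// 1. Audit every option write by a logged-in user who lacks manage_options
//    (a Shop Manager normally does not have this capability).
add_action('updated_option', function (string $option, $old, $new): void {
    if (is_user_logged_in() && !current_user_can('manage_options')) {
        error_log(sprintf('[pog] option "%s" changed by %s: %s -> %s',
            $option, pog_actor_label(), wp_json_encode($old), wp_json_encode($new)));
    }
}, 10, 3);

// 2. Refuse to change the guarded options unless the actor can manage_options.
//    Unauthenticated contexts (cron, WP-CLI) are left untouched on purpose.
foreach (POG_GUARDED_OPTIONS as $opt) {
    add_filter("pre_update_option_{$opt}", function ($value, $old_value, string $option) {
        if (is_user_logged_in() && !current_user_can('manage_options')) {
            error_log(sprintf('[pog] BLOCKED change of "%s" by %s', $option, pog_actor_label()));
            return $old_value; // returning the old value makes update_option() a no-op
        }
        return $value;
    }, 10, 3);
}

// 3. Flag role promotions to administrator, the end goal described for CVE-2024-7425.
//    wp_insert_user() also fires this hook, so new admin accounts are logged too.
add_action('set_user_role', function (int $user_id, string $role, array $old_roles): void {
    if ('administrator' === $role && !in_array('administrator', $old_roles, true)) {
        error_log(sprintf('[pog] user %d promoted to administrator (was: %s) by %s',
            $user_id, implode(',', $old_roles) ?: 'none', pog_actor_label()));
    }
}, 10, 3);
```

Entries are written to the PHP error log (debug.log when WP_DEBUG_LOG is enabled), so the "[pog]" prefix can be forwarded to the SIEM query shown above.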