CVE-2024-7484

7.2 HIGH

📋 TL;DR

The CRM Perks Forms WordPress plugin allows authenticated administrators to upload arbitrary files due to insufficient validation in the 'handle_uploaded_files' function. This vulnerability can lead to remote code execution on affected WordPress sites. Only WordPress installations using CRM Perks Forms versions 1.1.3 and earlier are affected.

💻 Affected Systems

Products:
  • CRM Perks Forms WordPress Plugin
Versions: Up to and including version 1.1.3
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated administrator access to exploit. WordPress multisite installations may also be affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full server compromise via remote code execution, allowing attackers to install backdoors, steal data, or pivot to other systems.

🟠 Likely Case

Website defacement, malware injection, or data theft through uploaded web shells.

🟢 If Mitigated

Limited impact if file uploads are restricted at web server level or administrator accounts are properly secured.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrator credentials. Public proof-of-concept code is available in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.1.4

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3016768/crm-perks-forms

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find CRM Perks Forms and click 'Update Now'.
4. Verify the version is 1.1.4 or higher.

🔧 Temporary Workarounds

Disable Plugin (platform: all)

Temporarily disable the CRM Perks Forms plugin until patched.

wp plugin deactivate crm-perks-forms

Restrict File Uploads (platform: linux)

Configure the web server to refuse requests for script files under the plugin's directories (for Apache, place this in an .htaccess file in the affected directory). Note that this blocks execution of an uploaded script, not the upload itself.

# Apache 2.2 syntax; on Apache 2.4 replace the two Order/Deny lines with "Require all denied"
<FilesMatch "\.(php|php3|php4|php5|phtml|pl|py|jsp|asp|sh|cgi)$">
  Order Allow,Deny
  Deny from all
</FilesMatch>

🧯 If You Can't Patch

  • Remove administrator access from untrusted users and enforce strong password policies.
  • Implement web application firewall rules to block suspicious file upload patterns.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for CRM Perks Forms version 1.1.3 or lower.

Check Version:

wp plugin get crm-perks-forms --field=version

Verify Fix Applied:

Confirm CRM Perks Forms version is 1.1.4 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /wp-content/plugins/crm-perks-forms/
  • POST requests to front-form.php with file upload parameters

Network Indicators:

  • HTTP POST requests with file uploads to CRM Perks Forms endpoints

SIEM Query:

source="web_logs" AND uri="*front-form.php*" AND method="POST" AND (file_upload="true" OR contains("multipart/form-data"))
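A log scan for the indicators listed above, added here as an example and not part of this advisory. It assumes Apache access logs in the combined format extended with the request Content-Type header (`%{Content-Type}i`); the sample lines and the plugin paths in them are constructed.

```python
import re

# Constructed sample access-log lines (not from the advisory). Format is Apache
# "combined" plus the request Content-Type header, i.e. a LogFormat ending in
# "%{Content-Type}i" (an assumption about how the server is configured).
SAMPLE_LOGS = """\
203.0.113.5 - - [10/Aug/2024:10:01:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "-" "Mozilla/5.0" "application/x-www-form-urlencoded"
203.0.113.5 - - [10/Aug/2024:10:01:09 +0000] "POST /wp-content/plugins/crm-perks-forms/front-form.php HTTP/1.1" 200 118 "-" "Mozilla/5.0" "multipart/form-data; boundary=----x1"
198.51.100.7 - - [10/Aug/2024:10:02:30 +0000] "GET /wp-content/plugins/crm-perks-forms/front-form.php?id=2 HTTP/1.1" 200 4021 "-" "Mozilla/5.0" "-"
198.51.100.7 - - [10/Aug/2024:10:02:45 +0000] "POST /contact/ HTTP/1.1" 200 900 "-" "Mozilla/5.0" "multipart/form-data; boundary=----y2"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<ctype>[^"]*)"$'
)

PLUGIN_DIR = "/wp-content/plugins/crm-perks-forms/"  # directory named in the advisory

def parse_line(line):
    """Return the fields we need as a dict, or None if the line does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def is_suspicious_upload(rec):
    """Match the advisory's log indicators: a multipart POST to front-form.php
    or to any path inside the plugin directory (both indicate a file upload)."""
    if rec["method"] != "POST":
        return False
    if not rec["ctype"].lower().startswith("multipart/form-data"):
        return False
    uri = rec["uri"].split("?", 1)[0]  # compare the path only, ignore the query string
    return uri.endswith("front-form.php") or uri.startswith(PLUGIN_DIR)

def scan(log_text):
    """Return (ip, timestamp, uri) for every request matching the indicators."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_suspicious_upload(rec):
            hits.append((rec["ip"], rec["ts"], rec["uri"]))
    return hits

if __name__ == "__main__":
    for ip, ts, uri in scan(SAMPLE_LOGS):
        print(f"{ts} {ip} multipart POST -> {uri}")
```

Because a plain POST to the form or a multipart POST elsewhere on the site is normal traffic, the scan requires both conditions before reporting a line; correlate hits with any new files appearing under the plugin directory.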

🔗 References