CVE-2024-8102
📋 TL;DR
This vulnerability in the WP Extended WordPress plugin allows authenticated attackers with Subscriber-level access or higher to modify arbitrary WordPress site options, because the plugin's admin-ajax handler performs no capability check before writing options. An attacker can set the default registration role (default_role) to administrator, enable user registration (users_can_register), register a new account and thereby obtain full administrative control. All WordPress sites running WP Extended versions up to and including 3.0.8 are affected.
💻 Affected Systems
- The Ultimate WordPress Toolkit – WP Extended, all versions up to and including 3.0.8
📦 What is this software?
WP Extended (The Ultimate WordPress Toolkit) by Wpextended is a WordPress administration plugin whose features are organised as modules that can be switched on and off from the admin area.
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover where attackers gain administrative access, install backdoors, steal data, deface the site, or use it for further attacks.
Likely Case
An attacker with any low-privilege account changes the default registration role to administrator, enables registration, registers a new account and logs in as an administrator, gaining full control over the WordPress installation and potentially the underlying server.
If Mitigated
Once the plugin is updated to 3.0.9 or deactivated, the vulnerable handler is gone. Where that is delayed, monitoring of changes to default_role and users_can_register and of new administrator accounts lets a low-privilege option change be caught before a new administrator is registered.
🎯 Exploit Status
Exploitation requires an authenticated account, but nothing beyond Subscriber privileges, which many sites hand out through open registration. Once an attacker holds any WordPress account the attack is straightforward, since the vulnerable handler is reached through the ordinary /wp-admin/admin-ajax.php endpoint.
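The bug class at work, shown as an added illustration rather than the plugin's own code (the real handler lives in admin/class-wp-extended-admin.php, which is not reproduced on this page): a wp_ajax_ handler that lets the caller name the option to write, beside a hardened version that checks a nonce and a capability and never takes an option name from the request. The action name module_all_toggle is taken from the advisory; the request parameter names, the nonce action, the module identifiers and the wpext_modules option are assumptions made for the example.

```php
<?php
/*
 * Illustration of the bug class behind CVE-2024-8102. NOT the plugin's code:
 * the action name comes from the advisory, everything else below is assumed.
 */

// --- Vulnerable pattern -------------------------------------------------
// wp_ajax_{action} fires for ANY logged-in user, Subscriber included.
// Sanitising the input is not authorisation: the caller still chooses which
// option is written and what value it gets (e.g. default_role=administrator).
function vuln_module_all_toggle() {
    $option = sanitize_key( $_POST['option'] ?? '' );
    $value  = sanitize_text_field( $_POST['value'] ?? '' );
    update_option( $option, $value );               // arbitrary option write
    wp_send_json_success();
}
// Only registered when explicitly asked for, so this file is safe to load.
if ( defined( 'WPEXT_DEMO_VULNERABLE' ) && WPEXT_DEMO_VULNERABLE ) {
    add_action( 'wp_ajax_module_all_toggle', 'vuln_module_all_toggle' );
}

// --- Hardened pattern ---------------------------------------------------
add_action( 'wp_ajax_module_all_toggle', 'safe_module_all_toggle' );
function safe_module_all_toggle() {
    // 1. CSRF: the nonce must have been issued to this user for this action
    //    (nonce action name is assumed; it must match wp_create_nonce() on the page).
    check_ajax_referer( 'wpext_module_toggle', 'nonce' );

    // 2. Authorisation: only users allowed to manage site options. This is the
    //    check whose absence is the vulnerability. wp_send_json_error() exits.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Never take an option NAME from the request. Keep module state in one
    //    plugin-owned option and accept only an allow-listed module id.
    $allowed = array( 'module_a', 'module_b', 'module_c' );   // assumed ids
    $module  = sanitize_key( $_POST['module'] ?? '' );
    if ( ! in_array( $module, $allowed, true ) ) {
        wp_send_json_error( 'unknown module', 400 );
    }
    $enabled = filter_var( $_POST['enabled'] ?? '', FILTER_VALIDATE_BOOLEAN );

    $state            = (array) get_option( 'wpext_modules', array() );
    $state[ $module ] = $enabled;
    update_option( 'wpext_modules', $state );   // fixed, plugin-owned key

    wp_send_json_success( array( 'module' => $module, 'enabled' => $enabled ) );
}
```

The order of the three checks matters for review: the nonce stops cross-site requests, the capability check stops low-privilege users, and the fixed option key removes the arbitrary-write primitive even if the first two checks are ever bypassed.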
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.0.9
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'The Ultimate WordPress Toolkit – WP Extended'.
4. Click 'Update Now' if available, or download version 3.0.9 or later from the WordPress plugin repository.
5. Activate the updated plugin.
🔧 Temporary Workarounds
Disable WP Extended Plugin
Temporarily deactivate the vulnerable plugin until it can be updated; the vulnerable AJAX handler is only registered while the plugin is active
wp plugin deactivate wpextended
Restrict User Registration
Disable "Anyone can register" under Settings → General (the users_can_register option). This only denies an attacker a self-registered initial account: an attacker who already holds any account can use this flaw to re-enable registration, so it is not a substitute for updating or deactivating the plugin
🧯 If You Can't Patch
- Remove or deactivate the WP Extended plugin entirely; the vulnerable handler does not exist while the plugin is inactive
- Keep registration disabled, confirm that default_role is not administrator, review the list of administrator accounts, and monitor the wp_options table for changes to default_role and users_can_register made by non-administrator accounts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for the WP Extended version. If it is 3.0.8 or lower, the site is vulnerable. Because the flaw needs only a Subscriber account, also note whether registration is open (Settings → General) and what the current default_role is; a default role of administrator on a site that never configured one is a sign the flaw has already been used.
Check Version:
wp plugin get wpextended --field=version
Verify Fix Applied:
Verify that the WP Extended plugin version is 3.0.9 or higher in the WordPress admin panel or via the WP-CLI command above. Updating does not undo changes an attacker already made: also confirm default_role and users_can_register hold their intended values and review the administrator user list for accounts you did not create.
📡 Detection & Monitoring
Log Indicators:
- Changes to the default_role or users_can_register options, in particular default_role set to administrator, made by an account that is not an administrator
- Unexpected role changes on existing users, such as a subscriber becoming an administrator
- New user accounts registered with the administrator role
Network Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=module_all_toggle from sessions of low-privilege users (the action parameter is normally in the request body, so this needs WAF or application-level logs rather than plain web-server access logs)
- Option update requests originating from non-administrator users
SIEM Query (field names assume a WordPress audit-logging source that records the option name and the acting user's role; adapt them to your own schema):
source="wordpress" AND event="option_update" AND option_name IN ("default_role", "users_can_register") AND NOT user_role="administrator"
🔗 References
- https://plugins.trac.wordpress.org/browser/wpextended/trunk/admin/class-wp-extended-admin.php#L262
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/9d47df99-cff5-4be7-ab8e-ef333cf3755b?source=cve