CVE-2024-8254 – This vulnerability allows authenticated WordPre... (How to Fix)

Q: What is the severity of CVE-2024-8254?

CVE-2024-8254 has a CVSS score of 5.4 (MEDIUM). This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to execute arbitrary shortcodes through the Email Subscribers plugin. Attackers can potentially inject malicious shortcodes that execute unauthorized actions or access sensitive data. All WordPress sites using vulnerable versions of this plugin are affected.

📋 TL;DR

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to execute arbitrary shortcodes through the Email Subscribers plugin. Attackers can potentially inject malicious shortcodes that execute unauthorized actions or access sensitive data. All WordPress sites using vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:

Email Subscribers by Icegram Express WordPress Plugin

Versions: All versions up to and including 5.7.34

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress installation with vulnerable plugin version and at least one authenticated user account.

📦 What is this software?

Email Subscribers \& Newsletters by Icegram

View all CVEs affecting Email Subscribers \& Newsletters →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could execute arbitrary PHP code, leading to complete site compromise, data theft, or malware installation through malicious shortcode execution.

🟠

Likely Case

Attackers with subscriber accounts could inject shortcodes that modify content, redirect users, or perform unauthorized actions within WordPress capabilities.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to content manipulation by authenticated users.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but is technically simple once an attacker has subscriber credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.7.35

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3157336/

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Email Subscribers by Icegram Express'. 4. Click 'Update Now' if available, or manually update to version 5.7.35+. 5. Verify update completes successfully.

🔧 Temporary Workarounds

Disable vulnerable plugin

all

Temporarily deactivate the Email Subscribers plugin until patched

wp plugin deactivate email-subscribers

Restrict user registration

all

Disable new user registration to prevent attacker account creation

wp option update users_can_register 0

🧯 If You Can't Patch

Implement strict access controls and monitor subscriber account activity
Disable shortcode execution for subscriber roles using security plugins

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Email Subscribers version. If version is 5.7.34 or lower, system is vulnerable.

Check Version:

wp plugin get email-subscribers --field=version

Verify Fix Applied:

Verify plugin version is 5.7.35 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

Unusual shortcode execution in WordPress debug logs
Multiple failed login attempts followed by shortcode-related actions

Network Indicators:

HTTP POST requests to wp-admin/admin-ajax.php with shortcode parameters

SIEM Query:

source="wordpress" AND ("do_shortcode" OR "es_common") AND status=200

📊 Metadata

CVE ID: CVE-2024-8254

CVSS v3 Score: 5.4 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE: CWE-94

Published: October 2, 2024

Last Updated: October 8, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-8254, you might also want to check these: