CVE-2024-8393
📋 TL;DR
The WooCommerce Blocks - Woolook WordPress plugin contains a Local File Inclusion vulnerability that allows authenticated administrators to include and execute arbitrary PHP files on the server. This can lead to remote code execution, data theft, and privilege escalation. The vulnerability affects all WordPress sites using Woolook plugin versions 1.7.0 and earlier.
💻 Affected Systems
- WooCommerce Blocks - Woolook WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise leading to complete data exfiltration, website defacement, malware installation, and use as a pivot point for attacking other systems.
Likely Case
Unauthorized code execution leading to backdoor installation, credential theft, and data manipulation.
If Mitigated
Limited impact if proper file upload restrictions and web application firewalls are in place.
🎯 Exploit Status
Requires administrator credentials but can be combined with CSRF attacks. Exploitation requires understanding of WordPress plugin structure.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.7.0
Vendor Advisory: https://plugins.trac.wordpress.org/browser/woolook/trunk/includes/views/panel.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'WooCommerce Blocks - Woolook'.
4. Click 'Update Now' if available.
5. If no update is available, deactivate and delete the plugin.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the Woolook plugin until a patched version is available.
wp plugin deactivate woolook
Web Application Firewall rule
Block requests to panel.php that carry malicious 'tab' parameter patterns.
🧯 If You Can't Patch
- Remove administrator access from untrusted users
- Implement strict file upload restrictions and disable PHP execution in upload directories
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for Woolook version 1.7.0 or earlier.
Check Version:
wp plugin get woolook --field=version
Verify Fix Applied:
Verify Woolook plugin version is greater than 1.7.0 in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual file inclusion attempts in web server logs
- Multiple requests to panel.php with suspicious 'tab' parameters
- PHP error logs showing file inclusion failures
Network Indicators:
- HTTP requests to /wp-content/plugins/woolook/includes/views/panel.php with unusual 'tab' parameter values
SIEM Query:
source="web_access_logs" AND uri_path="*panel.php*" AND query_string="*tab=*" AND NOT query_string="*tab=expected_value*"
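As an added example (not part of the advisory or the plugin's code), the log indicators above turned into a small offline checker: it parses combined-format access log lines, picks out requests to the panel.php path named above, and flags 'tab' values that carry generic file-inclusion markers or fall outside an allowlist of known-good tab names. The allowlist values, the log lines and the client addresses are constructed assumptions, not data from the page.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Plugin path named in the advisory. The set of legitimate tab values is an
# ASSUMPTION for this example; the real plugin's tab names are not on the page.
PANEL_PATH = "/wp-content/plugins/woolook/includes/views/panel.php"
EXPECTED_TABS = {"general", "layout"}  # hypothetical known-good values

# Generic LFI markers: directory traversal, absolute paths, stream wrappers, null bytes.
SUSPICIOUS = re.compile(r"(\.\./|\.\.\\|^/|^[a-z]:\\|^[a-z]+://|%00|\x00)", re.IGNORECASE)
# Apache/nginx combined log format: client, method, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def classify_tab(tab: str) -> str:
    """Return 'ok', 'suspicious' or 'unexpected' for one tab parameter value."""
    decoded = unquote(unquote(tab))  # collapse double percent-encoding
    if SUSPICIOUS.search(decoded):
        return "suspicious"
    if decoded not in EXPECTED_TABS:
        return "unexpected"
    return "ok"

def scan_log(lines):
    """Return (client, decoded_tab, verdict) for panel.php requests whose tab is not known-good."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse as combined-format entries
        client, _method, request, _status = m.groups()
        parts = urlsplit(request)
        if not parts.path.endswith(PANEL_PATH):
            continue
        for tab in parse_qs(parts.query).get("tab", []):  # parse_qs decodes once
            verdict = classify_tab(tab)
            if verdict != "ok":
                hits.append((client, unquote(tab), verdict))
    return hits

# Constructed sample log lines (not from any real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2024:12:00:01 +0000] "GET /wp-admin/admin.php?page=woolook HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2024:12:00:02 +0000] "GET /wp-content/plugins/woolook/includes/views/panel.php?tab=general HTTP/1.1" 200 1024',
    '198.51.100.9 - - [10/Oct/2024:12:00:03 +0000] "GET /wp-content/plugins/woolook/includes/views/panel.php?tab=..%2F..%2Fsome-file HTTP/1.1" 200 2048',
    '198.51.100.9 - - [10/Oct/2024:12:00:04 +0000] "GET /wp-content/plugins/woolook/includes/views/panel.php?tab=debug HTTP/1.1" 200 2048',
]
if __name__ == "__main__":
    for client, tab, verdict in scan_log(SAMPLE_LOG):
        print(f"{verdict:<10} {client:<15} tab={tab}")
```

An "unexpected" verdict only means the value is outside the assumed allowlist, so tune EXPECTED_TABS against a known-clean log sample before alerting on it.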