CVE-2024-8490
📋 TL;DR
This CSRF vulnerability in the PropertyHive WordPress plugin allows unauthenticated attackers to change administrator account details (name, email, password) by tricking an admin into clicking a malicious link. All WordPress sites using PropertyHive versions up to 2.0.19 are affected. Attackers can gain administrative access to vulnerable WordPress installations.
💻 Affected Systems
- PropertyHive WordPress Plugin
📦 What is this software?
Propertyhive by Wp Property Hive
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover where attacker changes admin password and email, then uses administrative privileges to install backdoors, deface the site, or steal sensitive data.
Likely Case
Attacker gains administrative access to WordPress dashboard, potentially modifying content, installing malicious plugins, or accessing sensitive user data.
If Mitigated
Attack fails due to proper CSRF protections, user awareness training, or network segmentation limiting attack surface.
🎯 Exploit Status
CSRF attacks are well-understood and easy to weaponize. No public exploit code needed - standard CSRF techniques work.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.20 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3152548/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the PropertyHive plugin.
4. Click 'Update Now' if an update is available.
5. If no update shows, manually download version 2.0.20+ from WordPress.org and replace the plugin files.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
Disable the PropertyHive plugin until it is patched (WP-CLI):
wp plugin deactivate propertyhive
CSRF Protection Middleware
Add CSRF protection at the web server or web application firewall layer, independent of the plugin
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to restrict script execution
- Use web application firewall (WAF) rules to block suspicious POST requests to /wp-admin/admin-ajax.php
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → PropertyHive → Version. If version is 2.0.19 or lower, you are vulnerable.
Check Version:
wp plugin get propertyhive --field=version
Verify Fix Applied:
After updating, verify PropertyHive version is 2.0.20 or higher in WordPress plugins list.
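As an added example (not part of the original advisory), the version check above done in code rather than by eye. It takes the string that `wp plugin get propertyhive --field=version` prints and compares it numerically against the patched release 2.0.20, which avoids the classic mistake of comparing version strings lexically (where "2.0.9" would sort after "2.0.20" and look patched). The `check_via_wp_cli` helper and the command-line usage are assumptions for illustration.

```python
import re
import subprocess

# First release that contains the fix, per the advisory.
PATCHED = (2, 0, 20)


def parse_version(version: str) -> tuple:
    """Turn '2.0.19' (or '2.0.19-beta1') into a tuple of ints for numeric comparison."""
    parts = []
    for piece in version.strip().split("."):
        m = re.match(r"\d+", piece)          # keep only the leading digits of each component
        parts.append(int(m.group(0)) if m else 0)
    return tuple(parts)


def is_vulnerable(version: str) -> bool:
    """True when the installed version is older than the first patched release."""
    return parse_version(version) < PATCHED


def naive_string_check(version: str) -> bool:
    """The wrong way: plain string comparison. Shown only to illustrate the pitfall."""
    return version < "2.0.20"


def check_via_wp_cli(path: str = ".") -> bool:
    """Assumption: WP-CLI is installed and `path` is the WordPress root. Runs the
    command from the advisory and feeds its output to is_vulnerable()."""
    out = subprocess.check_output(
        ["wp", "plugin", "get", "propertyhive", "--field=version", f"--path={path}"],
        text=True,
    )
    return is_vulnerable(out)


if __name__ == "__main__":
    for v in ("2.0.19", "2.0.20", "2.0.9", "2.1.0"):
        print(f"{v}: vulnerable={is_vulnerable(v)} (naive string compare says {naive_string_check(v)})")
```

Note that `naive_string_check("2.0.9")` returns False (it looks patched), while the numeric comparison correctly reports it as vulnerable; that is the whole reason to parse the version instead of comparing strings.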
📡 Detection & Monitoring
Log Indicators:
- Multiple POST requests to /wp-admin/admin-ajax.php?action=save_account_details from unusual sources
- Admin password/email change logs without corresponding admin login
Network Indicators:
- Cross-site request patterns in web server logs (state-changing admin-ajax.php POSTs arriving with a third-party or missing Referer)
- Suspicious referrer headers in admin-ajax.php requests
SIEM Query:
source="web_logs" AND uri_path="/wp-admin/admin-ajax.php" AND query_string="*action=save_account_details*" AND NOT user_agent="*WordPress*"
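The log indicators above, turned into a small detector as an added example (this is not code from the advisory or from the plugin). It parses combined-format access log lines, picks out POST requests to `/wp-admin/admin-ajax.php` carrying `action=save_account_details` in the query string, and flags those whose Referer is absent or not from the site's own host, since a legitimate profile update from the dashboard carries a same-site Referer. The log lines and the hostname `example.com` are constructed; on a real site only the query string is logged, so an `action` parameter sent in the POST body would not be visible to this check.

```python
import re
from urllib.parse import parse_qs, urlparse

# Assumption: the hostname of the WordPress site being protected.
SITE_HOST = "example.com"
TARGET_PATH = "/wp-admin/admin-ajax.php"
TARGET_ACTION = "save_account_details"

# Apache/Nginx "combined" log format: client, ident, user, timestamp, request line,
# status, size, Referer, User-Agent.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample lines: a cross-site POST, a legitimate same-site POST,
# a POST with no Referer at all, and an unrelated admin-ajax.php request.
SAMPLE_LOGS = """\
203.0.113.5 - - [10/Sep/2024:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=save_account_details HTTP/1.1" 200 512 "https://attacker.invalid/lure.html" "Mozilla/5.0"
198.51.100.7 - - [10/Sep/2024:12:01:10 +0000] "POST /wp-admin/admin-ajax.php?action=save_account_details HTTP/1.1" 200 512 "https://example.com/wp-admin/profile.php" "Mozilla/5.0"
203.0.113.9 - - [10/Sep/2024:12:02:30 +0000] "POST /wp-admin/admin-ajax.php?action=save_account_details HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Sep/2024:12:03:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 64 "https://example.com/wp-admin/" "Mozilla/5.0"
"""


def parse_line(line: str):
    """Return the named fields of one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_account_details_post(entry: dict) -> bool:
    """True for POST /wp-admin/admin-ajax.php with action=save_account_details in the query."""
    if entry["method"] != "POST":
        return False
    url = urlparse(entry["target"])
    if url.path != TARGET_PATH:
        return False
    return parse_qs(url.query).get("action", [None])[0] == TARGET_ACTION


def referer_is_same_site(referer: str) -> bool:
    """A same-site Referer names our own host; '-' means the header was absent."""
    if referer in ("", "-"):
        return False
    return urlparse(referer).hostname == SITE_HOST


def find_suspicious(log_text: str) -> list:
    """Return (ip, referer, reason) for account-detail POSTs that did not come from our own pages."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or not is_account_details_post(entry):
            continue
        if not referer_is_same_site(entry["referer"]):
            reason = "missing referer" if entry["referer"] in ("", "-") else "cross-site referer"
            hits.append((entry["ip"], entry["referer"], reason))
    return hits


if __name__ == "__main__":
    for ip, referer, reason in find_suspicious(SAMPLE_LOGS):
        print(f"{ip}\t{reason}\t{referer}")
```

Against the constructed sample the detector flags the two requests from 203.0.113.x and ignores the same-site profile update and the heartbeat call. Pair it with the second log indicator above (an admin password or email change with no matching admin login) before treating a hit as an incident, since a proxy or privacy extension that strips Referer would also trip the "missing referer" branch.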
🔗 References
- https://plugins.trac.wordpress.org/browser/propertyhive/tags/2.0.19/includes/class-ph-ajax.php#L1089
- https://plugins.trac.wordpress.org/browser/propertyhive/tags/2.0.19/includes/class-ph-ajax.php#L976
- https://plugins.trac.wordpress.org/changeset/3152548/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/17c06c83-6707-4233-a1c3-ef4cdcf93982?source=cve