CVE-2024-8922
📋 TL;DR
This vulnerability allows authenticated attackers with Author-level WordPress access to perform PHP object injection via deserialization of untrusted input. Attackers could potentially execute arbitrary code, delete files, or access sensitive data if a suitable POP chain exists through other installed plugins or themes. All WordPress sites using the vulnerable WooCommerce product catalog plugin are affected.
💻 Affected Systems
- Product Enquiry for WooCommerce (WooCommerce product catalog plugin for WordPress)
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data theft, or website defacement if a POP chain exists via other installed components.
Likely Case
Limited impact, because Author-level authentication is required and no POP chain is known in the vulnerable plugin itself; data exposure or file deletion remains possible if other installed plugins or themes supply a usable chain.
If Mitigated
Minimal impact with proper access controls, plugin isolation, and security monitoring in place.
🎯 Exploit Status
Exploitation requires authenticated access and depends on presence of POP chains from other installed plugins/themes.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 2.2.33.32
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3155863/enquiry-quotation-for-woocommerce
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins.
3. Find 'Product Enquiry for WooCommerce'.
4. Click 'Update Now' if available.
5. Alternatively, download the latest version from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Remove vulnerable plugin
Temporarily disable or remove the vulnerable plugin until patched
wp plugin deactivate enquiry-quotation-for-woocommerce
wp plugin delete enquiry-quotation-for-woocommerce
Restrict user roles
Limit Author-level and higher user accounts to trusted personnel only
🧯 If You Can't Patch
- Implement strict access controls for Author-level and higher WordPress user roles
- Monitor for suspicious activity from Author-level accounts and review installed plugins/themes for potential POP chains
🔍 How to Verify
Check if Vulnerable:
Check plugin version in WordPress admin panel under Plugins > Product Enquiry for WooCommerce
Check Version:
wp plugin get enquiry-quotation-for-woocommerce --field=version
Verify Fix Applied:
Verify that the plugin version is higher than 2.2.33.32 and that enquiry_detail.php no longer contains unsafe deserialization
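The version check above is easy to get wrong by hand: the plugin uses four-component versions, and a plain string comparison ranks 2.2.33.4 above 2.2.33.32. The following script is an added example, not part of this advisory or of the plugin; it runs the `wp plugin get ... --field=version` command from the page when wp-cli is on PATH, falls back to a constructed sample otherwise, and compares the result numerically against the 2.2.33.32 boundary stated above.

```python
import re
import shutil
import subprocess
from typing import Tuple

# Boundary stated in the advisory: "Versions after 2.2.33.32" carry the fix,
# so this version and anything below it is treated as vulnerable.
LAST_VULNERABLE = "2.2.33.32"
PLUGIN_SLUG = "enquiry-quotation-for-woocommerce"  # slug used by the wp-cli commands on the page


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.2.33.32' into (2, 2, 33, 32).

    Comparing version strings lexically is the classic mistake here:
    '2.2.33.4' > '2.2.33.32' as strings, yet 2.2.33.4 is the older release.
    A trailing tag such as '-beta' is dropped from its component.
    """
    parts = []
    for component in version.strip().split("."):
        m = re.match(r"\d+", component)
        if m is None:
            raise ValueError(f"not a numeric version component: {component!r}")
        parts.append(int(m.group(0)))
    return tuple(parts)


def is_vulnerable(installed: str) -> bool:
    """True when the installed version is at or below the last vulnerable release.

    Tuple comparison handles different lengths correctly: (2, 2, 33) sorts
    before (2, 2, 33, 32) and (2, 2, 34) sorts after it.
    """
    return parse_version(installed) <= parse_version(LAST_VULNERABLE)


def assess(wp_cli_output: str) -> dict:
    """Interpret the stdout of `wp plugin get <slug> --field=version`."""
    version = wp_cli_output.strip()
    return {"version": version, "vulnerable": is_vulnerable(version)}


def installed_version() -> str:
    """Ask wp-cli for the plugin version (must run inside the WordPress install)."""
    if shutil.which("wp") is None:
        raise RuntimeError("wp-cli not found on PATH")
    result = subprocess.run(
        ["wp", "plugin", "get", PLUGIN_SLUG, "--field=version"],
        capture_output=True, text=True, check=True,
    )
    return result.stdout


if __name__ == "__main__":
    try:
        output = installed_version()
    except (RuntimeError, subprocess.CalledProcessError) as exc:
        # Constructed sample output, used when wp-cli is not available here.
        print(f"wp-cli unavailable ({exc}); using constructed sample output")
        output = "2.2.33.4\n"
    print(assess(output))
```

Run it from the WordPress root as the web user; a result of `vulnerable: True` means the update in the Official Fix section has not been applied.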
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to enquiry_detail.php
- Suspicious activity from Author-level user accounts
- Unexpected file deletions or modifications
Network Indicators:
- HTTP requests containing serialized PHP objects in POST data to WooCommerce enquiry endpoints
SIEM Query:
source="wordpress.log" AND "enquiry_detail.php" AND (POST OR PUT) AND (request_body="*O:*" OR request_body="*C:*" OR request_body="*a:*")
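The SIEM query above matches on bare substrings, which misses URL-encoded or base64-wrapped bodies and fires on any text containing "a:". The script below is an added example for the Detection & Monitoring section, not part of this advisory: it keys on the length-and-quote grammar of PHP serialization (`O:<len>:"<class>":<n>:{`), URL-decodes form bodies, decodes base64 runs, and rates object/class markers as high while treating array-only markers as a weak indicator, since plugins legitimately post serialized arrays. The request records and the class name `ExampleClass` are constructed samples, and `enquiry_detail.php` is the endpoint named in this advisory.

```python
import base64
import binascii
import re
from urllib.parse import quote_plus, unquote_plus

# Endpoint named on the page. The request records further down are constructed
# samples, not captured traffic.
TARGET_PATH = "enquiry_detail.php"

# PHP serialization grammar, anchored on the length-and-quote structure so that
# the bare letters "O:" / "C:" / "a:" in ordinary text do not match.
OBJECT_RE = re.compile(r'\b[OC]:\d+:"[A-Za-z_\\][\w\\]*":\d+:\{')
ARRAY_RE = re.compile(r'\ba:\d+:\{')

# Runs that could be base64; payloads are often wrapped this way in form fields.
B64_RE = re.compile(r'[A-Za-z0-9+/]{16,}={0,2}')


def _decoded_views(body: str):
    """Yield the body raw, URL-decoded, and with every base64 run decoded."""
    yield body
    decoded = unquote_plus(body)
    if decoded != body:
        yield decoded
    for view in (body, decoded):
        for m in B64_RE.finditer(view):
            try:
                yield base64.b64decode(m.group(0), validate=True).decode("latin-1")
            except (binascii.Error, ValueError):
                continue  # not base64 after all (e.g. a long hex token)


def classify_request(record: dict) -> str:
    """Rate one request record as 'high', 'low' or 'none'.

    high: serialized object/class marker in a POST/PUT body to the endpoint
    low:  only a serialized array marker (an indicator, not an alert on its own)
    none: wrong method, wrong path, or nothing of interest in the body
    """
    if record.get("method") not in ("POST", "PUT"):
        return "none"
    if TARGET_PATH not in record.get("uri", ""):
        return "none"
    level = "none"
    for view in _decoded_views(record.get("body", "")):
        if OBJECT_RE.search(view):
            return "high"
        if ARRAY_RE.search(view):
            level = "low"
    return level


def scan(records):
    """Return (index, level) for every record that is not rated 'none'."""
    hits = []
    for i, rec in enumerate(records):
        level = classify_request(rec)
        if level != "none":
            hits.append((i, level))
    return hits


# Constructed serialized values. ExampleClass is a made-up name: the detector
# keys on the serialization grammar, not on any particular class.
SERIALIZED_OBJECT = 'O:12:"ExampleClass":1:{s:1:"a";i:1;}'
SERIALIZED_ARRAY = 'a:2:{i:0;s:1:"x";i:1;s:1:"y";}'
PLUGIN_URI = "/wp-content/plugins/example/enquiry_detail.php"  # constructed path

SAMPLE_RECORDS = [
    {"method": "GET", "uri": PLUGIN_URI, "body": ""},
    {"method": "POST", "uri": PLUGIN_URI,
     "body": "enquiry_id=42&note=Order%3A+please+call"},          # benign form post
    {"method": "POST", "uri": PLUGIN_URI,
     "body": "data=" + quote_plus(SERIALIZED_OBJECT)},             # URL-encoded object
    {"method": "POST", "uri": PLUGIN_URI,
     "body": "payload=" + base64.b64encode(SERIALIZED_OBJECT.encode()).decode()},  # base64-wrapped
    {"method": "POST", "uri": PLUGIN_URI,
     "body": "items=" + quote_plus(SERIALIZED_ARRAY)},             # array only
    {"method": "POST", "uri": "/wp-admin/admin-ajax.php",
     "body": "data=" + quote_plus(SERIALIZED_OBJECT)},             # other endpoint, out of scope
]

if __name__ == "__main__":
    for index, level in scan(SAMPLE_RECORDS):
        print(f"record {index}: {level} -> {SAMPLE_RECORDS[index]['body'][:60]}")
```

To run this against real data, map the fields of your request log or WAF export (method, URI, body) onto the record dicts; correlating a high-rated hit with the user's role from the WordPress user table narrows the alert to the Author-level accounts this advisory is concerned with.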