CVE-2024-9215
📋 TL;DR
This vulnerability in the PublishPress Authors WordPress plugin allows authenticated attackers with Author-level access or higher to modify arbitrary user email addresses, including administrators. Attackers can then trigger password resets to take over accounts. All WordPress sites using vulnerable plugin versions are affected.
💻 Affected Systems
- PublishPress Authors WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover where attackers gain administrative access, modify content, install malware, or exfiltrate sensitive data.
Likely Case
Account takeover of administrators or editors leading to content manipulation, defacement, or privilege escalation.
If Mitigated
Limited impact if strong access controls, monitoring, and least privilege principles are enforced.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker has Author privileges.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.7.2 or later
Vendor Advisory: https://wordpress.org/plugins/publishpress-authors/#developers
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'PublishPress Authors' and click 'Update Now'. 4. Verify plugin version is 4.7.2 or higher.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily deactivate PublishPress Authors plugin until patched
wp plugin deactivate publishpress-authors
Restrict user roles
allReview and minimize users with Author-level access or higher
🧯 If You Can't Patch
- Implement strict access controls and monitor user activity logs for suspicious email modifications
- Use web application firewall (WAF) rules to block requests targeting the vulnerable action_edited_author() function
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for PublishPress Authors versionCheck Version:
wp plugin get publishpress-authors --field=versionVerify Fix Applied:
Confirm plugin version is 4.7.2 or higher in WordPress admin panel📡 Detection & Monitoring
Log Indicators:
- Unusual user email modification events in WordPress logs
- Multiple password reset requests for administrative accounts
Network Indicators:
- POST requests to wp-admin/admin-ajax.php with 'action_edited_author' action and modified 'authors-user_id' parameter
SIEM Query:
source="wordpress" AND (action="edited_author" OR message="email address changed")🔗 References
- https://plugins.trac.wordpress.org/browser/publishpress-authors/tags/4.7.1/src/core/Classes/Author_Editor.php#L594
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3169244%40publishpress-authors&new=3169244%40publishpress-authors&sfp_email=&sfph_mail=#file7
- https://www.wordfence.com/threat-intel/vulnerabilities/id/d0506137-82e3-4988-9b23-370465a866c0?source=cve
