CVE-2024-9235
📋 TL;DR
The Mapster WP Maps WordPress plugin has an insufficient capability check vulnerability that allows authenticated attackers with contributor-level access or higher to modify arbitrary WordPress site options. This can be exploited to change the default user registration role to administrator and enable user registration, granting attackers full administrative control. All WordPress sites using Mapster WP Maps version 1.5.0 or earlier are affected.
💻 Affected Systems
- Mapster WP Maps WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover where attackers gain administrative access, can modify content, install malicious plugins/themes, steal data, and maintain persistent backdoor access.
Likely Case
Attackers gain administrative privileges, modify site settings, inject malicious content, and potentially compromise user data.
If Mitigated
Limited impact if proper access controls, monitoring, and least privilege principles are already implemented.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker obtains contributor-level credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.5.1
Vendor Advisory: https://wordpress.org/plugins/mapster-wp-maps/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find Mapster WP Maps and click 'Update Now'. 4. Verify the plugin version is 1.5.1 or higher.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily deactivate the Mapster WP Maps plugin until patched
wp plugin deactivate mapster-wp-maps
Restrict user roles
allLimit contributor and author roles to trusted users only
🧯 If You Can't Patch
- Remove contributor and author access from untrusted users
- Implement web application firewall rules to block suspicious option modification requests
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Mapster WP Maps version. If version is 1.5.0 or lower, you are vulnerable.Check Version:
wp plugin get mapster-wp-maps --field=versionVerify Fix Applied:
Verify plugin version is 1.5.1 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual option modifications in WordPress logs
- Multiple failed login attempts followed by successful contributor login
- User role changes from default_registration_role option
Network Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=mapster_wp_maps_set_option
- Unusual admin user creation requests
SIEM Query:
source="wordpress.log" AND ("default_role" OR "users_can_register" OR "mapster_wp_maps_set_option")🔗 References
- https://github.com/WordPressBugBounty/plugins-mapster-wp-maps/blob/009ff350f7fee0788c6d8a735af03e21b132c983/mapster-wp-maps/admin/api/class-mapster-wordpress-maps-api.php#L12
- https://plugins.trac.wordpress.org/changeset/3161051/mapster-wp-maps/tags/1.5.0/admin/api/class-mapster-wordpress-maps-api.php?old=3154048&old_path=mapster-wp-maps%2Ftags%2F1.4.1%2Fadmin%2Fapi%2Fclass-mapster-wordpress-maps-api.php
- https://plugins.trac.wordpress.org/changeset/3173973
- https://wordpress.org/plugins/mapster-wp-maps/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b81c2990-68d1-4d45-9724-262ec017caf1?source=cve
