CVE-2024-9624
📋 TL;DR
The WP All Import Pro WordPress plugin has a Server-Side Request Forgery vulnerability that allows authenticated attackers with Administrator privileges to make arbitrary web requests from the vulnerable server. This can be used to query internal services, access cloud metadata, or potentially interact with internal systems. Only WordPress sites using vulnerable versions of this specific plugin are affected.
💻 Affected Systems
- WP All Import Pro WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access sensitive internal services, retrieve cloud instance metadata (including credentials), perform internal network reconnaissance, or interact with internal APIs that shouldn't be externally accessible.
Likely Case
Attackers with compromised admin credentials could exfiltrate cloud metadata, scan internal networks, or interact with internal services like databases or management interfaces.
If Mitigated
With proper network segmentation and cloud metadata protection, impact would be limited to internal service enumeration without credential access.
🎯 Exploit Status
Exploitation requires Administrator credentials but is straightforward once authenticated. The vulnerability is in a core plugin function.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.9.4
Vendor Advisory: https://www.wpallimport.com
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find WP All Import Pro.
4. Click 'Update Now' if available.
5. Alternatively, download version 4.9.4+ from wpallimport.com and update manually.
🔧 Temporary Workarounds
Disable Plugin
Temporarily disable the WP All Import Pro plugin until it is patched:
wp plugin deactivate wp-all-import-pro
Restrict Admin Access
Implement IP allowlisting for the WordPress admin panel:
# Apache (.htaccess): only allow wp-login.php from the trusted admin network.
# Replace 192.168.1.0/24 with your own range. Order/Deny/Allow is Apache 2.2
# syntax (on 2.4 it needs mod_access_compat; the native 2.4 form is
# "Require ip 192.168.1.0/24").
<Files wp-login.php>
Order Deny,Allow
Deny from all
Allow from 192.168.1.0/24
</Files>

# nginx (inside the site's server block): restrict the admin area to the same range.
location /wp-admin {
    allow 192.168.1.0/24;
    deny all;
}
🧯 If You Can't Patch
- Implement network segmentation to restrict outbound connections from web servers
- Configure cloud metadata service to require authentication or disable it if not needed
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for WP All Import Pro version
Check Version:
wp plugin get wp-all-import-pro --field=version
Verify Fix Applied:
Verify WP All Import Pro version is 4.9.4 or higher in WordPress admin
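The version check above hinges on "4.9.4 or higher", and a naive string comparison gets that wrong once the plugin reaches a two-digit component (the string "4.10.0" sorts below "4.9.4"). The following helper is an added example, not code from the advisory or from the plugin vendor; it compares plugin version strings numerically and can be fed the output of `wp plugin get wp-all-import-pro --field=version` (the patched version 4.9.4 comes from the advisory; the pre-release handling is an assumption of this example).

```python
PATCHED_VERSION = "4.9.4"  # fixed version stated in the advisory


def parse_version(version):
    """Turn '4.9.4', '4.10.0', '4.9' or '4.9.4-beta1' into a comparable tuple.

    Components are compared numerically, so 4.10.0 > 4.9.4 (a plain string
    comparison gets this backwards). A pre-release suffix sorts below the
    release it precedes, so 4.9.4-beta1 < 4.9.4 (assumed convention for this
    example; WP All Import Pro's own tagging may differ).
    """
    core, _, pre = version.strip().partition("-")
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = tuple(int(p) for p in parts)
    nums += (0,) * (3 - len(nums))  # '4.9' is treated as '4.9.0'
    # Second element: 0 for a release, -1 for a pre-release, so a release
    # always outranks its own pre-releases.
    return (nums, 0 if pre == "" else -1, pre)


def is_patched(installed, fixed=PATCHED_VERSION):
    """True when the installed plugin version is the patched release or newer."""
    return parse_version(installed) >= parse_version(fixed)


if __name__ == "__main__":
    # Typical use: pipe in the WP-CLI output, e.g.
    #   wp plugin get wp-all-import-pro --field=version | python3 check_version.py
    import sys
    installed = sys.stdin.read()
    status = "patched" if is_patched(installed) else "VULNERABLE"
    print(f"WP All Import Pro {installed.strip()}: {status} (fixed in {PATCHED_VERSION})")
```

Run it against the WP-CLI output on the host; a "VULNERABLE" result means the update in the Fix section still needs to be applied.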
📡 Detection & Monitoring
Log Indicators:
- Unusual outbound HTTP requests from web server to internal IPs or metadata endpoints
- Multiple failed authentication attempts followed by successful admin login
Network Indicators:
- Web server making requests to 169.254.169.254 (AWS/Azure/GCP metadata)
- Web server scanning internal network ranges
SIEM Query:
source="web_server_logs" AND (dest_ip=169.254.169.254 OR dest_ip IN (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)) AND user_agent="WordPress/*"
(Pseudo-syntax: WordPress's HTTP API sends a User-Agent of the form "WordPress/<version>; <site URL>", so match it as a prefix rather than an exact string, and use your SIEM's CIDR-match function for the private ranges.)
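The detection logic above can be checked offline against a handful of egress log lines before it goes into a SIEM. The script below is an added example, not part of the advisory: it parses a hypothetical key=value egress-log format (constructed for this example, as is the sample log), keeps only requests carrying WordPress's "WordPress/<version>; <site>" User-Agent, and flags destinations that are the cloud metadata address or fall in the RFC 1918 ranges the query lists.

```python
import ipaddress
import re
from dataclasses import dataclass

# Destinations a WordPress host should normally never contact on an outbound
# HTTP request: the cloud instance metadata address plus the RFC 1918 private
# ranges the advisory's SIEM query lists.
METADATA_NETS = [ipaddress.ip_network("169.254.169.254/32")]
PRIVATE_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Hypothetical key=value egress-log format used for this example only.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) '
    r'method=(?P<method>\S+) path=(?P<path>\S+) ua="(?P<ua>[^"]*)"$'
)


@dataclass
class Finding:
    ts: str
    dst: str
    path: str
    reason: str


def classify_destination(dst):
    """Return why a destination is suspicious, or None if it is not."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        return None  # hostname rather than literal IP; resolve it first if needed
    if any(addr in net for net in METADATA_NETS):
        return "cloud-metadata"
    if any(addr in net for net in PRIVATE_NETS):
        return "private-range"
    return None


def find_ssrf_indicators(lines):
    """Flag outbound requests sent by WordPress (its HTTP API sets a
    'WordPress/<version>; <site>' User-Agent) to metadata or private hosts."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip it rather than abort the scan
        if not m["ua"].startswith("WordPress/"):
            continue  # the advisory's query keys on the WordPress UA; drop this
            # filter to alert on every metadata request regardless of client
        reason = classify_destination(m["dst"])
        if reason is not None:
            findings.append(Finding(m["ts"], m["dst"], m["path"], reason))
    return findings


# Constructed sample egress log: one metadata request, one internal-host
# request, one benign external request, one non-WordPress request, one
# malformed line.
SAMPLE_LOG = [
    '2024-10-08T12:00:01Z src=10.0.1.5 dst=169.254.169.254 method=GET '
    'path=/latest/meta-data/ ua="WordPress/6.6; https://shop.example"',
    '2024-10-08T12:00:05Z src=10.0.1.5 dst=10.0.2.15 method=GET '
    'path=/ ua="WordPress/6.6; https://shop.example"',
    '2024-10-08T12:00:09Z src=10.0.1.5 dst=203.0.113.10 method=GET '
    'path=/feed.xml ua="WordPress/6.6; https://shop.example"',
    '2024-10-08T12:00:12Z src=10.0.1.5 dst=169.254.169.254 method=GET '
    'path=/ ua="curl/8.5.0"',
    'garbage line that does not match the format',
]

if __name__ == "__main__":
    for f in find_ssrf_indicators(SAMPLE_LOG):
        print(f"{f.ts} {f.reason}: {f.dst}{f.path}")
```

On the sample log this reports the metadata request and the request to 10.0.2.15 and stays quiet on the external fetch; the curl request to the metadata address is deliberately not reported because the advisory's query scopes on the WordPress User-Agent, which is the first thing to widen if your web tier should never reach that address at all.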