CVE-2024-9661
📋 TL;DR
This CSRF vulnerability in WP All Import Pro allows unauthenticated attackers to trick administrators into deleting imported content (posts, comments, users) by clicking malicious links. All WordPress sites using WP All Import Pro up to version 4.9.7 are affected. The attack requires social engineering to get an administrator to perform an action.
💻 Affected Systems
- WP All Import Pro WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete deletion of all imported content including posts, comments, and user data, potentially causing data loss and site disruption.
Likely Case
Partial deletion of imported content when an administrator clicks a malicious link, leading to data loss and content management issues.
If Mitigated
No impact if administrators don't click malicious links or if proper CSRF protections are implemented.
🎯 Exploit Status
Exploitation requires social engineering to trick administrators but technical complexity is low once the victim clicks.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.9.8 or later
Vendor Advisory: https://www.wpallimport.com
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Go to Plugins → Installed Plugins. 3. Find WP All Import Pro. 4. Click 'Update Now' if available. 5. Alternatively, download latest version from wpallimport.com and upload via FTP.
🔧 Temporary Workarounds
Disable WP All Import Pro
allTemporarily deactivate the plugin until patched
wp plugin deactivate wp-all-import-pro
Implement CSRF Protection
allAdd custom nonce validation to the delete_and_edit function
🧯 If You Can't Patch
- Restrict administrator access to trusted networks only
- Implement web application firewall with CSRF protection rules
🔍 How to Verify
Check if Vulnerable:
Check WP All Import Pro version in WordPress admin under Plugins → Installed PluginsCheck Version:
wp plugin get wp-all-import-pro --field=versionVerify Fix Applied:
Verify version is 4.9.8 or higher in WordPress admin plugins page📡 Detection & Monitoring
Log Indicators:
- Unusual delete operations in WordPress logs
- Multiple content deletions from single IP
- CSRF token validation failures
Network Indicators:
- HTTP POST requests to wp-admin/admin-ajax.php with delete actions
- Requests with missing or invalid nonce parameters
SIEM Query:
source="wordpress.log" AND (action="delete" OR action="trash") AND plugin="wp-all-import-pro"