CVE-2024-9947

8.1 HIGH

📋 TL;DR

The ProfilePress Pro WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any existing user, including administrators, if they know the user's email address and the user hasn't linked that email to a social login service. This affects all WordPress sites using ProfilePress Pro version 4.11.1 or earlier.

💻 Affected Systems

Products:
  • ProfilePress Pro WordPress Plugin
Versions: All versions up to and including 4.11.1
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires social login feature to be enabled. Vulnerability exists when users haven't linked their email to social login services.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative access to WordPress sites, enabling complete site takeover, data theft, malware injection, and defacement.

🟠 Likely Case

Attackers compromise user accounts to steal sensitive data, post malicious content, or escalate privileges to administrative access.

🟢 If Mitigated

With proper monitoring and limited user accounts, impact is reduced to unauthorized access of non-privileged accounts only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires knowledge of target user email addresses but no authentication. Social engineering or email enumeration could provide this information.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.11.2 or later

Vendor Advisory: https://profilepress.com/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find ProfilePress Pro and check for updates.
4. Update to version 4.11.2 or later.
5. Verify the update completed successfully.

🔧 Temporary Workarounds

Disable Social Login

Temporarily disable the social login feature in ProfilePress Pro settings to prevent exploitation.

Disable Plugin

Deactivate the ProfilePress Pro plugin until patched, though this will break plugin functionality.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block suspicious authentication attempts
  • Enable detailed logging of all authentication events and monitor for unusual login patterns

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins → ProfilePress Pro version. If the version is 4.11.1 or earlier, the installation is vulnerable; the issue is exploitable when the social login feature is enabled (see Notes above).

Check Version:

wp plugin list --name=profilepress-pro --field=version

Verify Fix Applied:

After updating, verify ProfilePress Pro version is 4.11.2 or later in WordPress admin panel.
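The version check above can be scripted for fleets of sites. The following is an added example, not code from the advisory or from the ProfilePress project: it runs the same wp-cli command, and compares the reported version component-wise against the affected range, because a plain string comparison would rank 4.9.0 above 4.11.1. The plugin slug `profilepress-pro` is taken from the command above; whether it matches your installation is an assumption you should confirm with `wp plugin list`.

```python
"""Added example (not from the advisory): decide whether an installed
ProfilePress Pro version falls in the affected range by parsing wp-cli
output and comparing version numbers component-wise."""
import re
import subprocess

AFFECTED_MAX = "4.11.1"   # last affected version, per the advisory
FIXED_MIN = "4.11.2"      # first fixed version, per the advisory


def parse_version(v):
    """Turn '4.11.1' (or '4.11.1-beta') into a tuple of ints so that
    comparison is numeric per component, not lexicographic."""
    core = re.match(r"(\d+(?:\.\d+)*)", v.strip())
    if not core:
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(p) for p in core.group(1).split("."))


def is_affected(version):
    """True when the version is at or below the last affected release."""
    return parse_version(version) <= parse_version(AFFECTED_MAX)


def installed_version(wp_path="wp"):
    """Run the advisory's wp-cli check. Returns None when the plugin is not
    installed (wp-cli prints nothing) or wp-cli itself cannot be run.
    The slug 'profilepress-pro' is assumed from the advisory's command."""
    try:
        out = subprocess.run(
            [wp_path, "plugin", "list", "--name=profilepress-pro", "--field=version"],
            capture_output=True, text=True, check=True,
        ).stdout
    except (OSError, subprocess.CalledProcessError):
        return None
    out = out.strip()
    return out or None


def assess(version):
    """Human-readable verdict for a version string (or None)."""
    if version is None:
        return "not installed or wp-cli unavailable"
    if is_affected(version):
        return f"VULNERABLE: {version} <= {AFFECTED_MAX}; update to {FIXED_MIN} or later"
    return f"patched: {version} >= {FIXED_MIN}"


if __name__ == "__main__":
    print(assess(installed_version()))
```

Run it from the WordPress root (or pass `--path` through `wp_path` as a wrapper script) on each site; a verdict of "patched" only confirms the version, so the workaround section still applies until the update is actually deployed everywhere.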

📡 Detection & Monitoring

Log Indicators:

  • Unusual login patterns from new IP addresses
  • Multiple failed social login attempts followed by successful login
  • Administrator logins from unexpected locations

Network Indicators:

  • HTTP POST requests to /wp-admin/admin-ajax.php with social login parameters
  • Unusual authentication traffic patterns

SIEM Query:

source="wordpress.log" AND ("social-login" OR "profilepress") AND status="200" AND user_agent NOT IN ["normal_user_agents"]
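The log indicators above (a privileged login from an IP not previously seen for that account, and a burst of failed social login attempts followed by a success) can be checked mechanically. The following is an added example, not code from the advisory or the plugin: the line format, field names and sample lines are constructed for this example, since the advisory does not specify a log format; adapt `LINE_RE` to whatever your authentication logging plugin or WAF actually emits.

```python
"""Added example (not part of the advisory): scan WordPress authentication
events for two of the log indicators the advisory lists. Log format and
sample lines are constructed; field names are not the plugin's own."""
import re
from collections import defaultdict

# Constructed format: ISO timestamp followed by key=value pairs.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) ip=(?P<ip>\S+) "
    r"method=(?P<method>\S+) result=(?P<result>\S+)$"
)

# Constructed sample: a baseline day, then an admin account that sees three
# failed social logins from a new IP followed by a success from that IP.
SAMPLE_LOG = """\
2024-10-14T08:00:00Z user=alice role=administrator ip=198.51.100.10 method=password result=success
2024-10-14T09:12:00Z user=bob role=subscriber ip=198.51.100.22 method=password result=success
2024-10-15T02:10:01Z user=alice role=administrator ip=203.0.113.7 method=social-login result=fail
2024-10-15T02:10:05Z user=alice role=administrator ip=203.0.113.7 method=social-login result=fail
2024-10-15T02:10:09Z user=alice role=administrator ip=203.0.113.7 method=social-login result=fail
2024-10-15T02:10:20Z user=alice role=administrator ip=203.0.113.7 method=social-login result=success
2024-10-15T03:00:00Z user=bob role=subscriber ip=198.51.100.22 method=password result=success
"""


def parse(text):
    """Parse lines matching LINE_RE into dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def detect(events, fail_threshold=3):
    """Return a list of alert tuples.

    Baseline: the set of IPs each user has previously logged in from
    successfully. Flags (a) a success preceded by at least `fail_threshold`
    consecutive social-login failures for the same user/IP and (b) an
    administrator success from an IP not in that user's baseline.
    """
    known_ips = defaultdict(set)
    consecutive_fails = defaultdict(int)  # (user, ip) -> social-login failures in a row
    alerts = []
    for e in events:
        key = (e["user"], e["ip"])
        if e["method"] == "social-login" and e["result"] == "fail":
            consecutive_fails[key] += 1
            continue
        if e["result"] == "success":
            if consecutive_fails[key] >= fail_threshold:
                alerts.append(("social-login-fail-then-success", e["user"], e["ip"], consecutive_fails[key]))
            # Only alert once a baseline exists, so the first-ever login is not noise.
            if e["role"] == "administrator" and known_ips[e["user"]] and e["ip"] not in known_ips[e["user"]]:
                alerts.append(("admin-login-new-ip", e["user"], e["ip"]))
            known_ips[e["user"]].add(e["ip"])
        consecutive_fails[key] = 0  # any non-failure event ends the streak
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG)):
        print(alert)
```

On the sample, alice's success from 203.0.113.7 raises both alerts and bob's routine login raises none. In production, seed `known_ips` from a longer history than the window you scan, or every account's first login in the window will look like a new IP; the threshold is a starting point to tune against your own false-positive rate.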
