Summary
Administrative users on single-site setups and Super Admin-level users on Multisite setups could capitalize on a loophole in the plugin upload system. If they tried uploading a file that wasn’t a zip file as a new plugin through the Plugins -> Add New -> Upload Plugin interface and were prompted for FTP credentials, the uploaded file lingered momentarily in the Media Library, despite not being permitted. This created a window for potentially executing arbitrary PHP code.
Affected Versions:
WordPress below 4.1.39
WordPress from 4.2 to 4.2.36
WordPress from 4.3 to 4.3.32
WordPress from 4.4 to 4.4.31
WordPress from 4.5 to 4.5.30
WordPress from 4.6 to 4.6.27
WordPress from 4.7 to 4.7.27
WordPress from 4.8 to 4.8.23
WordPress from 4.9 to 4.9.24
WordPress from 5.0 to 5.0.20
WordPress from 5.1 to 5.1.17
WordPress from 5.2 to 5.2.19
WordPress from 5.3 to 5.3.16
WordPress from 5.4 to 5.4.14
WordPress from 5.5 to 5.5.13
WordPress from 5.6 to 5.6.12
WordPress from 5.7 to 5.7.10
WordPress from 5.8 to 5.8.8
WordPress from 5.9 to 5.9.8
WordPress from 6.0 to 6.0.6
WordPress from 6.1 to 6.1.4
WordPress from 6.2 to 6.2.3
WordPress from 6.3 to 6.3.2
WordPress from 6.4 to 6.4.2
Exploitable: Administrators of single-site setups and Super Admins of Multisite setups can execute arbitrary PHP code.
Not Exploitable: Users with lower privileges remain unaffected. Websites with the DISALLOW_FILE_MODS constant set to true are unaffected. Websites where administrative users don’t require FTP credentials or lack access to valid FTP credentials are also unaffected.
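An added example, not part of the original advisory or of WordPress itself: a small audit that classifies one install from the text of its wp-includes/version.php and wp-config.php, using the version ranges and the DISALLOW_FILE_MODS condition listed above. The function names, the status labels and the inclusive reading of each range are assumptions of this example, and the sample inputs are constructed.

```python
import re

# Last affected patch release per branch, copied from the "Affected Versions"
# list above. Reading each range as inclusive is an assumption of this example.
LAST_AFFECTED = {
    (4, 2): 36, (4, 3): 32, (4, 4): 31, (4, 5): 30, (4, 6): 27, (4, 7): 27,
    (4, 8): 23, (4, 9): 24, (5, 0): 20, (5, 1): 17, (5, 2): 19, (5, 3): 16,
    (5, 4): 14, (5, 5): 13, (5, 6): 12, (5, 7): 10, (5, 8): 8, (5, 9): 8,
    (6, 0): 6, (6, 1): 4, (6, 2): 3, (6, 3): 2, (6, 4): 2,
}

def version_affected(version):
    """True if a release string such as '6.4.2' or '6.4' is in the listed ranges."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    if (major, minor, patch) < (4, 1, 39):  # "WordPress below 4.1.39"
        return True
    last = LAST_AFFECTED.get((major, minor))
    return last is not None and patch <= last

def file_mods_disallowed(wp_config):
    """True if wp-config.php text defines DISALLOW_FILE_MODS as true on a live line."""
    code = re.sub(r"/\*.*?\*/", "", wp_config, flags=re.S)  # drop block comments
    pattern = r"^\s*define\(\s*['\"]DISALLOW_FILE_MODS['\"]\s*,\s*true\s*\)"
    return re.search(pattern, code, flags=re.M | re.I) is not None

def audit(version_php, wp_config):
    """Classify one install from the text of version.php and wp-config.php."""
    m = re.search(r"\$wp_version\s*=\s*'([^']+)'", version_php)
    if not m:
        return "unknown"
    if not version_affected(m[1]):
        return "not affected"
    if file_mods_disallowed(wp_config):
        return "mitigated"
    # Whether admins are prompted for FTP credentials cannot be read from these
    # files, so an affected version without the constant is flagged for review.
    return "review"

# Constructed sample inputs, not taken from a real site.
SAMPLE_VERSION = "<?php\n$wp_version = '6.4.2';\n"
SAMPLE_CONFIG_OPEN = "<?php\n// define( 'DISALLOW_FILE_MODS', true );\n"
SAMPLE_CONFIG_LOCKED = "<?php\ndefine( 'DISALLOW_FILE_MODS', true );\n"

if __name__ == "__main__":
    print(audit(SAMPLE_VERSION, SAMPLE_CONFIG_OPEN))
    print(audit(SAMPLE_VERSION, SAMPLE_CONFIG_LOCKED))
```

The config check is a line-based heuristic: a define that shares a line with other code is not detected, which errs toward flagging the install for review.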
References
https://nvd.nist.gov/vuln/detail/CVE-2024-31210