CVE-2024-9931

Authentication Bypass Using an Alternate Path or Channel (CWE-288)

Published: Oct 26, 2024 / Updated: 25d ago

CVSS 9.8 / EPSS 0.09% / Critical

Summary

The Wux Blog Editor plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.0. The vulnerability is caused by missing validation of the token supplied during the plugin's autologin flow. As a result, unauthenticated attackers can log in as the first administrator user account.
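As an added illustration (not the Wux Blog Editor plugin's code, whose internals this page does not describe), the following hypothetical WordPress autologin handler shows the two checks the summary says are missing: the supplied token is looked up against a record the server itself issued (bound to a user, expiring, single use), and the resulting session is tied to that record's user instead of defaulting to the first administrator. Every name prefixed `example_`, the query parameter and the transient key scheme are assumptions.

```php
<?php
/**
 * Hypothetical hardened autologin handler for a WordPress plugin.
 * Illustrative only: this is NOT the Wux Blog Editor code, and the function
 * names, transient key prefix and query parameter below are assumptions.
 *
 * The defect class on this page (CWE-288) is an autologin path that accepts a
 * token without checking it against anything the server issued, and then signs
 * the caller in as a fixed account (the first administrator). This handler
 * closes both gaps: the token must match a server-issued record, and the login
 * is bound to the user that record names.
 */

// Issuing side: must be called only from a code path where $user_id has already
// been authenticated (e.g. right after a normal password login). Returns the raw
// token once; only its SHA-256 hash is stored, so the lookup is a direct key match
// and the raw token never sits in the database.
function example_issue_autologin_token( $user_id, $ttl = 10 * MINUTE_IN_SECONDS ) {
    $token  = wp_generate_password( 32, false ); // 32 random alphanumeric characters
    $record = array(
        'user_id' => (int) $user_id,
        'issued'  => time(),
    );
    set_transient( 'example_autologin_' . hash( 'sha256', $token ), $record, $ttl );
    return $token;
}

// Consuming side: runs on front-end requests and acts only when the parameter
// is present.
function example_handle_autologin() {
    if ( ! isset( $_GET['example_autologin_token'] ) ) {
        return;
    }
    $token = sanitize_text_field( wp_unslash( $_GET['example_autologin_token'] ) );
    $key   = 'example_autologin_' . hash( 'sha256', $token );

    // Unknown or expired token: get_transient() returns false once the TTL has passed.
    $record = get_transient( $key );
    if ( ! is_array( $record ) || empty( $record['user_id'] ) ) {
        wp_die( 'Invalid or expired login link.', 'Autologin', array( 'response' => 403 ) );
    }

    // Single use: remove the record before signing in so a replayed link fails.
    delete_transient( $key );

    // Bind the session to the user the token was issued for; never fall back to
    // a fixed account such as user ID 1.
    $user = get_user_by( 'id', (int) $record['user_id'] );
    if ( ! $user ) {
        wp_die( 'Invalid or expired login link.', 'Autologin', array( 'response' => 403 ) );
    }

    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID, false );            // non-persistent session
    do_action( 'wp_login', $user->user_login, $user ); // let login-auditing hooks record it
    wp_safe_redirect( admin_url() );
    exit;
}
add_action( 'template_redirect', 'example_handle_autologin' );
```

Two design points carry the weight here: the token is random and server-generated, so the only way to pass the lookup is to hold a value the server handed to an already-authenticated user, and the account to sign in is taken from that stored record, so no request parameter can select who the session belongs to. Firing the core `wp_login` action means audit-logging plugins see these logins like any other, which supports the admin-activity monitoring recommended under Mitigation.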

Impact

This vulnerability has a severe impact on affected WordPress installations. Successful exploitation allows unauthenticated attackers to gain unauthorized access to the first administrator user account. This can lead to:
1. Complete compromise of the WordPress site
2. Unauthorized modification or deletion of content
3. Installation of malicious plugins or themes
4. Access to sensitive information stored in the WordPress database
5. Potential lateral movement to other parts of the network if the WordPress installation is connected to other systems
The CVSS v3.1 base score of 9.8 (Critical) reflects high impact on confidentiality, integrity, and availability, with no user interaction required and exploitation possible over the network.

Exploitation

There is no evidence that a public proof-of-concept exists, and there is no evidence at the moment that the vulnerability has been exploited in the wild.

Patch

Based on the information currently available, no patch has been announced. The vulnerability affects versions up to and including 3.0.0 of the Wux Blog Editor plugin for WordPress. Users should check for a plugin update that addresses this vulnerability, or consider removing the plugin if it is not essential.

Mitigation

Given the critical nature of this vulnerability, the following mitigation steps are recommended:
1. Immediately update the Wux Blog Editor plugin if a patched version becomes available.
2. If no patch is available, consider disabling or removing the Wux Blog Editor plugin until a secure version is released.
3. Implement strong access controls and network segmentation to limit potential damage if exploitation occurs.
4. Monitor WordPress admin activities closely for any signs of unauthorized access.
5. Implement multi-factor authentication for WordPress admin accounts if possible.
6. Regularly back up your WordPress installation and keep backups isolated from the main system.
7. Consider using a Web Application Firewall (WAF) to help detect and block potential exploit attempts.
8. Keep all WordPress core files, themes, and other plugins up to date to minimize the overall attack surface.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2024-9931.

Oct 26, 2024 at 2:29 AM / Vulners.com RSS Feed
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 26, 2024 at 2:29 AM
CVE Assignment

NVD published the first details for CVE-2024-9931

Oct 26, 2024 at 3:15 AM
CVSS

A CVSS base score of 9.8 has been assigned.

Oct 26, 2024 at 3:20 AM / nvd
EPSS

EPSS Score was set to: 0.09% (Percentile: 39.9%)

Oct 26, 2024 at 9:53 AM

Affected Systems

Wordpress/wordpress

Links to Mitre Att&cks

T1083: File and Directory Discovery

Attack Patterns

CAPEC-127: Directory Indexing

News

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 21, 2024 to October 27, 2024)
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week: WordPress Plugins with Reported Vulnerabilities Last Week
Vulnerability Summary for the Week of October 21, 2024
High Vulnerabilities (columns: Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info)
- Admin — Verbalize WP | Unrestricted Upload of File with Dangerous Type vulnerability in Admin Verbalize WP Upload a Web Shell to a Web Server. This issue affects Verbalize WP: from n/a through 1.0. | 2024-10-23 | 10 | CVE-2024-49668 audit@patchstack.com
- advancedcoding — Comments wpDiscuz | The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. | 2024-10-25 | 9.8 | CVE-2024-9488 security@wordfence.com
- Alexander De Ridder — INK Official | Unrestricted Upload of File with Dangerous Type vulnerability in Alexander De Ridder INK Official allows Upload a Web Shell to a Web Server. This issue affects INK Official: from n/a through 4.1.2. | 2024-10-23 | 9.9 | CVE-2024-49669 audit@patchstack.com
- Amazon — Amazon.ApplicationLoadBalancer.Identity.AspNetCore Middleware | The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo (https://github.com/awslabs/aws-alb-identity-aspnetcore#validatetokensignature) contains Middleware that can be used in conjunction with the Application Load Balancer (ALB) OpenId Connect integration and can be used in any ASP.NET (https://dotnet.microsoft.com/apps/aspnet) Core deployment scenario, including Fargate, EKS, ECS, EC2, and Lambda. In the JWT handling code, it performs signature validation but fails to validate the JWT issuer and signer identity. The signer omission, if combined with a scenario where the infrastructure owner allows internet traffic to the ALB targets (not a recommended configuration), can allow for JWT signing by an untrusted entity and an actor may be able to mimic valid OIDC-federated sessions to the ALB targets.
US-CERT Vulnerability Summary for the Week of October 21, 2024
CVE Alert: CVE-2024-9931 - https://www.redpacketsecurity.com/cve_alert_cve-2024-9931/ #OSINT #ThreatIntel #CyberSecurity #cve_2024_9931

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
