CVE-2024-1861 is a newly discovered vulnerability affecting all versions up to and including version 4.52 of the Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress. This security issue makes it possible for authenticated attackers with subscriber-level access and above to perform unauthorized modification of data by truncating the scan table.

This vulnerability is due to the absence of a proper capability check in the antihacker_truncate_scan_table() function, which can potentially result in severe consequences for WordPress site security.

Code Snippet

The following code snippet illustrates the lack of capability checking in the antihacker_truncate_scan_table() function, which results in the unauthorized data modification vulnerability:

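// Handler triggered by the "antihacker_truncate_scan_table" action.
function antihacker_truncate_scan_table() {
  // Vulnerable: no capability check (e.g. current_user_can()) runs
  // before the destructive query below.
  global $wpdb;
  $table_name = $wpdb->prefix . "antihacker_scan";
  $sql = 'TRUNCATE TABLE '.$table_name.';';
  $wpdb->query($sql);
}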

Exploit Details

An attacker with subscriber-level access can exploit this vulnerability by sending a request to WordPress with the action parameter set to "antihacker_truncate_scan_table". The request triggers the vulnerable function, which never checks the user's capabilities, so the scan table is truncated.

The exploitation of this vulnerability can lead to various adverse effects, including the unauthorized deletion of important security data and potentially allowing attackers to cover their tracks after gaining access to a vulnerable WordPress site.

Mitigation & Recommendation

The developers of the Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress have been notified of this security issue. Until a fix is released, users are encouraged to keep an eye on any updates in the official plugin repository and apply security patches as soon as they become available.

Additionally, WordPress site administrators should ensure that they follow best security practices by limiting user access to the minimum necessary, applying strong password policies, and keeping all software components, including WordPress core, plugins, and themes, up-to-date with the latest security patches.
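For plugin developers, the missing check described above can be closed as in the following added example, which is not the plugin's own code or its actual patch. It assumes the handler is registered on the wp_ajax_ hook of the same name, that manage_options is the right capability for this action, and that the admin page issues a nonce under the hypothetical action name antihacker_truncate_scan.

```php
<?php
// Added example: hardened form of the handler shown in the Code Snippet
// section. Assumptions (not taken from the plugin's source):
//   - the function is hooked to wp_ajax_antihacker_truncate_scan_table
//   - 'manage_options' is the capability that should gate the action
//   - 'antihacker_truncate_scan' is a hypothetical nonce action that the
//     plugin's admin page would emit with wp_create_nonce()

function antihacker_truncate_scan_table() {
    // 1. Authorization. wp_ajax_* hooks fire for every logged-in user,
    //    subscribers included, so the handler has to check capability itself.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 2. CSRF protection. check_ajax_referer() terminates the request
    //    when the 'nonce' request field is missing or invalid.
    check_ajax_referer( 'antihacker_truncate_scan', 'nonce' );

    global $wpdb;
    // The table name is built only from the trusted prefix and a constant,
    // never from request data.
    $table_name = $wpdb->prefix . 'antihacker_scan';
    $result     = $wpdb->query( "TRUNCATE TABLE `{$table_name}`" );

    if ( false === $result ) {
        wp_send_json_error( array( 'message' => 'Truncate failed' ), 500 );
    }

    // 3. Audit trail. Record who cleared the scan data, so that a wipe of
    //    security records is itself visible to whoever reviews the logs.
    error_log( sprintf(
        'antihacker: scan table truncated by user ID %d',
        get_current_user_id()
    ) );

    wp_send_json_success();
}
add_action( 'wp_ajax_antihacker_truncate_scan_table', 'antihacker_truncate_scan_table' );
```

The capability check comes first so that a low-privileged user receives a 403 before any nonce or database logic runs.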

In conclusion, CVE-2024-1861 highlights the importance of having strong security practices and continuous monitoring in place to detect and prevent unauthorized access and exploitation of vulnerabilities such as this. Following these recommendations can significantly reduce the risk of potential cybersecurity threats targeting your WordPress website.

Timeline

Published on: 02/28/2024 09:33:35 UTC
Last modified on: 06/04/2024 17:59:57 UTC