CVE-2024-10516
published 2024-12-06CVE-2024-10516: The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify'…
PriorityP266high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
EXPLOIT
EPSS
6.48%
92.9th percentile
The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| swte | swift_performance_lite | <= 2.3.7.1 | — |
Detection & IOCsextracted from sources · hover to see the quote
commandaction=swift_performance_ajaxify&data=WyJ0ZW1wbGF0ZS1wYXJ0IiwibnVsbCIsIi4uLy4uLy4uLy4uLy4uL2V0Yy9wYXNzd2QiXQ==↗
- →Detect exploitation attempts by monitoring POST requests to /wp-admin/admin-ajax.php with the parameter 'action=swift_performance_ajaxify' from unauthenticated sources. ↗
- →Flag requests containing the 'data' parameter with base64-encoded payloads including path traversal sequences (e.g., decoded value contains '../../../../../etc/passwd') sent to the ajaxify action. ↗
- →Successful exploitation can be confirmed if the HTTP 200 response body matches the regex 'root:.*:0:0:', indicating /etc/passwd file inclusion. ↗
- →Identify vulnerable WordPress installations by searching for the string '/wp-content/plugins/swift-performance-lite' in HTTP response bodies (FOFA/Shodan fingerprinting). ↗
- ·The vulnerability is exploitable by unauthenticated attackers (no credentials required), meaning no authentication bypass is needed prior to exploitation. ↗
- ·The vulnerable parameter is 'ajaxify' (also referred to as the 'data' POST parameter in the PoC), processed by the 'ajaxify' function in all plugin versions up to and including 2.3.7.1. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Swift Performance Lite < 2.3.7.2 - Local PHP File Inclusion
nuclei·CVSS 8.1
CVE-2024-10516 [HIGH] Swift Performance Lite < 2.3.7.2 - Local PHP File Inclusion
Swift Performance Lite < 2.3.7.2 - Local PHP File Inclusion
A vulnerability in Swift Performance Lite before version 2.3.7.2 allows unauthenticated attackers to perform local PHP file inclusion via the 'ajaxify' parameter. This can lead to arbitrary code execution on the server.
Template:
id: CVE-2024-10516
info:
name: Swift Performance Lite < 2.3.7.2 - Local PHP File Inclusion
author: ritikchaddha
severity: high
description: |
A vulnerability in Swift Performance Lite before version 2.3.7.2 allows unauthenticated attackers to perform local PHP file inclusion via the 'ajaxify' parameter. This can lead to arbitrary code execution on the server.
impact: |
Unauthenticated attackers can perform local PHP file inclusion via the ajaxify parameter to execute arbitrary code, potentially compro
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/browser/swift-performance-lite/trunk/includes/classes/class.ajax.php#L795https://plugins.trac.wordpress.org/browser/swift-performance-lite/trunk/includes/classes/class.ajax.php#L824https://plugins.trac.wordpress.org/changeset/3201933/https://www.wordfence.com/threat-intel/vulnerabilities/id/4921f41a-a9b1-4ae2-a903-c14ed22dcc15?source=cve
2024-12-06
Published