CVE-2024-31210
Published: 2024-04-04
Priority: P3 · 49 · high · 8.8 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.95% (56.6th percentile)
WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins -> Add New -> Upload Plugin screen in WordPress. If FTP credentials are requested for installation (in order to move the file into place outside of the `uploads` directory), then the uploaded file remains temporarily available in the Media Library despite not being an allowed type. If the `DISALLOW_FILE_EDIT` constant is set to `true` on the site _and_ FTP credentials are required when uploading a new theme or plugin, then this technically allows an RCE for a user who would otherwise have no means of executing arbitrary PHP code.

This issue _only_ affects Administrator level users on single site installations, and Super Admin level users on Multisite installations, where it's otherwise expected that the user does not have permission to upload or execute arbitrary PHP code. Lower level users are not affected. Sites where the `DISALLOW_FILE_MODS` constant is set to `true` are not affected. Sites where an administrative user either does not need to enter FTP credentials, or has access to the valid FTP credentials, are not affected.

The issue was fixed in WordPress 6.4.3 on January 30, 2024 and backported to versions 6.3.3, 6.2.4, 6.1.5, 6.0.7, 5.9.9, 5.8.9, 5.7.11, 5.6.13, 5.5.14, 5.4.15, 5.3.17, 5.2.20, 5.1.18, 5.0.21, 4.9.25, 4.8.24, 4.7.28, 4.6.28, 4.5.31, 4.4.32, 4.3.33, 4.2.37, and 4.1.40.

A workaround is available: if the `DISALLOW_FILE_MODS` constant is defined as `true`, then it is not possible for any user to upload a plugin and the issue is therefore not exploitable.
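The advisory's conditions (unpatched branch, `DISALLOW_FILE_MODS`, `DISALLOW_FILE_EDIT`, FTP prompt) can be turned into a fleet-triage check. This is an added example, not WordPress code; it assumes the operator already knows whether the site prompts for FTP credentials (passed in as a boolean), and the wp-config.php fragment is constructed.

```python
"""Triage a WordPress install against CVE-2024-31210 (added example)."""
import re

# First fixed release per branch, as listed in the advisory above.
FIXED = {
    "4.1": "4.1.40", "4.2": "4.2.37", "4.3": "4.3.33", "4.4": "4.4.32",
    "4.5": "4.5.31", "4.6": "4.6.28", "4.7": "4.7.28", "4.8": "4.8.24",
    "4.9": "4.9.25", "5.0": "5.0.21", "5.1": "5.1.18", "5.2": "5.2.20",
    "5.3": "5.3.17", "5.4": "5.4.15", "5.5": "5.5.14", "5.6": "5.6.13",
    "5.7": "5.7.11", "5.8": "5.8.9", "5.9": "5.9.9", "6.0": "6.0.7",
    "6.1": "6.1.5", "6.2": "6.2.4", "6.3": "6.3.3", "6.4": "6.4.3",
}

def parse(version: str) -> tuple:
    """'6.4.2' -> (6, 4, 2); short strings are zero-padded so '6.4' == 6.4.0."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def vulnerable_version(version: str) -> bool:
    """True if the release predates its branch's backported fix.
    Branches before 4.1 got no fix (table row '< 4.1.40'); 6.5+ carry the fix."""
    v = parse(version)
    branch = "%d.%d" % v[:2]
    if branch in FIXED:
        return v < parse(FIXED[branch])
    return v < parse("4.1")

_DEFINE = re.compile(
    r"define\(\s*['\"](DISALLOW_FILE_(?:MODS|EDIT))['\"]\s*,\s*(true|false)\s*\)", re.I)

def config_flags(wp_config: str) -> dict:
    """Pull DISALLOW_FILE_MODS / DISALLOW_FILE_EDIT out of wp-config.php text."""
    flags = {"DISALLOW_FILE_MODS": False, "DISALLOW_FILE_EDIT": False}
    for name, value in _DEFINE.findall(wp_config):
        flags[name.upper()] = value.lower() == "true"
    return flags

def assess(version: str, wp_config: str, ftp_creds_required: bool) -> str:
    """Apply the advisory's conditions in order and return a short verdict."""
    flags = config_flags(wp_config)
    if not vulnerable_version(version):
        return "patched"
    if flags["DISALLOW_FILE_MODS"]:
        return "not affected: DISALLOW_FILE_MODS blocks plugin uploads entirely"
    if not ftp_creds_required:
        return "not affected: admin can already install plugins without FTP"
    if not flags["DISALLOW_FILE_EDIT"]:
        return "not affected: plugin/theme editor already permits PHP edits"
    return "exposed: unpatched, FTP prompt in use, DISALLOW_FILE_EDIT=true"

# Constructed wp-config.php fragment for the demo; not taken from any real site.
SAMPLE_CONFIG = "define( 'DISALLOW_FILE_EDIT', true );\n"

if __name__ == "__main__":
    print(assess("6.4.2", SAMPLE_CONFIG, ftp_creds_required=True))
```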
Affected (53 ranges, showing 25)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wordpress | < wordpress 6.1.6+dfsg1-0+deb12u1 (bookworm) | wordpress 6.1.6+dfsg1-0+deb12u1 (bookworm) |
| wordpress | wordpress | < 4.1.40 | 4.1.40 |
| wordpress | wordpress | >= 0 < 5.7.11+dfsg1-0+deb11u1 | 5.7.11+dfsg1-0+deb11u1 |
| wordpress | wordpress | >= 0 < 6.1.6+dfsg1-0+deb12u1 | 6.1.6+dfsg1-0+deb12u1 |
| wordpress | wordpress | >= 0 < 6.4.3+dfsg1-1 | 6.4.3+dfsg1-1 |
| wordpress | wordpress | >= 0 < 6.4.3+dfsg1-1 | 6.4.3+dfsg1-1 |
| wordpress | wordpress | >= 4.2 < 4.2.37 | 4.2.37 |
| wordpress | wordpress | >= 4.3 < 4.3.33 | 4.3.33 |
| wordpress | wordpress | >= 4.4 < 4.4.32 | 4.4.32 |
| wordpress | wordpress | >= 4.5 < 4.5.31 | 4.5.31 |
| wordpress | wordpress | >= 4.6 < 4.6.28 | 4.6.28 |
| wordpress | wordpress | >= 4.7 < 4.7.28 | 4.7.28 |
| wordpress | wordpress | >= 4.8 < 4.8.24 | 4.8.24 |
| wordpress | wordpress | >= 4.9 < 4.9.25 | 4.9.25 |
| wordpress | wordpress | >= 5.0 < 5.0.21 | 5.0.21 |
| wordpress | wordpress | >= 5.1 < 5.1.18 | 5.1.18 |
| wordpress | wordpress | >= 5.2 < 5.2.20 | 5.2.20 |
| wordpress | wordpress | >= 5.3 < 5.3.17 | 5.3.17 |
| wordpress | wordpress | >= 5.4 < 5.4.15 | 5.4.15 |
| wordpress | wordpress | >= 5.5 < 5.5.14 | 5.5.14 |
| wordpress | wordpress | >= 5.6 < 5.6.13 | 5.6.13 |
| wordpress | wordpress | >= 5.7 < 5.7.11 | 5.7.11 |
| wordpress | wordpress | >= 5.8 < 5.8.9 | 5.8.9 |
| wordpress | wordpress | >= 5.9 < 5.9.9 | 5.9.9 |
| wordpress | wordpress | >= 6.0 < 6.0.7 | 6.0.7 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | | 8.8 | HIGH | |
| vendor_debian | | 7.6 | HIGH | |
Debian
CVE-2024-31210: wordpress (vendor_debian · 2024 · CVSS 7.6, HIGH)
OSV
CVE-2024-31210: WordPress is an open publishing platform for the Web (osv · 2024-04-04 · CVSS 8.8, HIGH)
No detection rules found.
No public exploits indexed.
Qualys
WordPress RCE Vulnerability CVE-2024-31210 Puts Websites at Risk (blogs_qualys · 2024-04-15 · CVSS 7.6, HIGH)

Table of contents of the Qualys post:
- WordPress Vulnerability Details and Security Risks
- WordPress Versions Affected by the Vulnerability
- Impact of the WordPress Vulnerability on Websites
- Detecting the Vulnerability with Qualys WAS
- Vulnerability Scan Reports
- Steps to Mitigate the WordPress Vulnerability
- Fix for the WordPress Vulnerability and Security Patch
- Workaround
- References
- Contributors

WordPress is a widely used open publishing platform for the web. A security vulnerability was discovered that allows administrator-level users on single-site installations and Super Admin-level users on Multisite installations to execute arbitrary PHP code. This vulnerability affects WordPress versions prior to 6.4.3 and was addressed in a security patch released on January 30, 2024.