
Two critical vulnerabilities in WordPress (CVE-2024-7094, CVE-2024-7503)

Advisory No: TZCERT/SA/2024/08/13-2

Date of First Release: 13th August 2024

Source: Wordfence

Software Affected: js-support-ticket (JS Help Desk – The Ultimate Help Desk & Support Plugin), woo-social-login (WooCommerce Social Login)

Overview:

Two WordPress plugins, js-support-ticket and woo-social-login, are affected by critical vulnerabilities. Exploitation may allow an unauthenticated remote attacker to execute arbitrary PHP code on the web server (js-support-ticket) or to log in as any existing user on the site (woo-social-login). WordPress core itself is not the affected component.

Description:

The WordPress plugins js-support-ticket and woo-social-login are affected by the vulnerabilities tracked as CVE-2024-7094 and CVE-2024-7503 respectively, each with a CVSS score of 9.8.

CVE-2024-7094 (js-support-ticket): PHP code injection. User-supplied values are written into the plugin's style.php file without sanitization, and the handler also lacks capability checks, so an unauthenticated remote attacker can inject PHP code that is later executed on the server, giving arbitrary code execution.

CVE-2024-7503 (woo-social-login): authentication bypass. The ‘woo_slg_confirm_email_user’ function checks the account activation code with a loose comparison (==) instead of a strict, constant-time comparison. Because PHP type juggling can make the comparison succeed without the correct code, an unauthenticated attacker can log in as any existing user on the site, resulting in account takeover.
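The following is an added example, not code from js-support-ticket, woo-social-login or Wordfence. It models the two bug classes named above in plain PHP, each beside a hardened form: a request value interpolated into a style.php file that the plugin later executes, and an activation-code check that uses == instead of hash_equals(). Function names, file names and all sample values are constructed for illustration; the real plugin code and the exact bypass inputs are not reproduced here.

```php
<?php
// Added example (not code from js-support-ticket, woo-social-login or Wordfence):
// minimal models of the two bug classes in this advisory, each beside a hardened
// form. Function names, file names and sample values are constructed.

// ---- 1. PHP code injection: user input written into style.php -------------

// Vulnerable pattern: a request value is interpolated into PHP source and
// written to a file the plugin later include()s. A single quote in the input
// closes the string literal and the rest of the value becomes PHP code.
function vulnerable_write_style(string $dir, string $color): string
{
    $php = "<?php\n\$primary_color = '" . $color . "';\n";
    file_put_contents($dir . '/style.php', $php);
    return $php;
}

// Hardened pattern: allow-list the value and store data, not code. In a
// WordPress handler this would additionally sit behind a capability check
// (current_user_can('manage_options')) and a nonce check (check_admin_referer()).
function safe_hex_color(string $color): ?string
{
    return preg_match('/^#[0-9a-fA-F]{6}$/', $color) === 1 ? strtolower($color) : null;
}

function hardened_write_style(string $dir, string $color): string
{
    $hex = safe_hex_color($color);
    if ($hex === null) {
        throw new InvalidArgumentException('colour must be #rrggbb');
    }
    $css = ":root { --primary-color: {$hex}; }\n";   // plain CSS, never PHP source
    file_put_contents($dir . '/style.css', $css);
    return $css;
}

// ---- 2. Loose comparison of an activation code ----------------------------

// Vulnerable pattern: '==' applies PHP type juggling. Two numeric-looking
// strings are compared as numbers, and an empty stored code matches an empty
// request parameter, so the check can pass without knowing the real code.
function vulnerable_confirm(string $stored, string $submitted): bool
{
    return $submitted == $stored;
}

// Hardened pattern: refuse missing codes, then compare strictly and in
// constant time.
function hardened_confirm(string $stored, string $submitted): bool
{
    if ($stored === '' || $submitted === '') {
        return false;
    }
    return hash_equals($stored, $submitted);
}

// ---- Demonstration with constructed inputs ---------------------------------

$tmp = sys_get_temp_dir();
$payload = "'; system('id'); //";   // constructed attacker-controlled "colour"

echo vulnerable_write_style($tmp, $payload);   // emits PHP with the injected call
echo hardened_write_style($tmp, '#1A2B3C');    // emits a CSS custom property

try {
    hardened_write_style($tmp, $payload);
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}

$cases = [
    ['a1b2c3d4', 'a1b2c3d4'],   // genuine code: both variants accept
    ['1000',     '1e3'],        // numeric strings: 1000 == 1e3 is true
    ['0e1234',   '0e9876'],     // both evaluate to float 0: loosely equal
    ['',         ''],           // user with no code set: '' == '' is true
];
foreach ($cases as [$stored, $submitted]) {
    printf("stored=%-10s submitted=%-10s loose=%-5s strict=%s\n",
        var_export($stored, true), var_export($submitted, true),
        var_export(vulnerable_confirm($stored, $submitted), true),
        var_export(hardened_confirm($stored, $submitted), true));
}
```

Running the script with `php example.php` prints the generated style.php content containing the injected `system('id')` call, the safe CSS produced by the hardened path, and a table showing that the last three code pairs pass the loose check while only the genuine pair passes hash_equals(). The two hardening principles carry over directly to plugin review: never turn request data into PHP source that will be executed, and never compare secrets with ==.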

Impact:

Successful exploitation of CVE-2024-7094 may allow an unauthenticated attacker to take control of the affected web server; successful exploitation of CVE-2024-7503 may allow an unauthenticated attacker to take over any existing user account, including administrator accounts.

Solution:

The plugin developers have released patched versions of both plugins. The Wordfence advisories referenced below identify versions up to 2.8.6 of js-support-ticket and up to 2.7.5 of woo-social-login as affected. Users and administrators are encouraged to update both plugins to the latest available release; sites that cannot update immediately should deactivate the affected plugin until they can.

References:

  1. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/js-support-ticket/js-help-desk-the-ultimate-help-desk-support-plugin-286-unauthenticated-php-code-injection-to-remote-code-execution
  2. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woo-social-login/woocommerce-social-login-275-authentication-bypass-to-account-takeover
