A critical vulnerability has been found in the GiveWP plugin, a popular WordPress donation and fundraising platform. This vulnerability, known as CVE-2024-5932, puts more than 100,000 WordPress sites at risk of potential remote code execution (RCE) attacks. The security researcher villu164 responsibly disclosed the vulnerability through the Wordfence Bug Bounty Program.
CVE-2024-5932 is a PHP Object Injection vulnerability. This class of bug occurs when user input is deserialized into PHP objects without proper validation or sanitization, which allows attackers to inject malicious objects that can execute arbitrary code or perform unauthorized actions on the server. GiveWP versions up to and including 3.14.1 are vulnerable to PHP Object Injection triggered by deserializing untrusted input from the ‘give_title’ parameter.
No authentication is required to inject a PHP object, and the presence of a Property-Oriented Programming (POP) chain in the plugin lets attackers turn that injection into remote code execution and arbitrary file deletion. The technical details show that the issue lies in the give_process_donation_form() function, which fails to validate the ‘give_title’ POST parameter, allowing attackers to inject serialized objects. This could result in the execution of arbitrary code and the deletion of crucial files like wp-config.php, potentially leading to site compromise.
Exploitation relies on a complex POP chain involving the GiveInsertPaymentData class and the Give\Vendors\Faker\ValidGenerator class, which allows attackers to run arbitrary commands on the server through the shell_exec() function. CVE-2024-5932 has a CVSS score of 10.0 (Critical) and affects versions up to 3.14.1; version 3.14.2 is fully patched.
The vulnerability was reported to the StellarWP team on June 13, 2024. After receiving no response, the issue was escalated to the WordPress.org Security Team on July 6, 2024. A patch was released on August 7, 2024, in version 3.14.2 of the GiveWP plugin. Users are strongly advised to update to the latest version to safeguard their sites from potential exploitation.
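Sites that ran a vulnerable version can also review captured donation-form POST bodies (for example from WAF or reverse-proxy logs) for serialized PHP objects in the ‘give_title’ parameter. The Python script below is an added example, not code from GiveWP or Wordfence; the sample request bodies are constructed, the `amount` field is a placeholder, and the backslash stripping assumes the application may unslash input before deserializing it.

```python
import re
from urllib.parse import parse_qsl, unquote

# PHP serialize() object markers: O:<len>:"Class":<count>:{ or C:<len>:"Class":<len>:{
# at the start of the value, or nested after ';', '{' or '}' inside an array.
PHP_OBJECT = re.compile(r'(?:^|[;{}])\s*[OC]:\+?\d+:"[^"]*":\d+:\{')


def normalize(value, rounds=2):
    """Undo extra URL-encoding layers and drop backslashes (assumption: the
    application may unslash input before it reaches unserialize())."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "")


def find_serialized_objects(body, params=("give_title",)):
    """Return names of watched form fields whose value holds a serialized object."""
    hits = []
    for name, value in parse_qsl(body, keep_blank_values=True):  # decodes one layer
        if name in params and PHP_OBJECT.search(normalize(value)):
            hits.append(name)
    return hits


# Constructed POST bodies; the objects are harmless stdClass, no gadget chain.
SAMPLES = [
    "amount=25&give_title=Mr.",                                        # ordinary title
    "amount=25&give_title=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D",        # plain object
    "give_title=O%253A8%253A%2522stdClass%2522%253A0%253A%257B%257D",  # double-encoded
    "give_title=a%3A1%3A%7Bi%3A0%3BO%3A8%3A%22stdClass%22%3A0%3A%7B%7D%7D",  # in array
    "give_title=O%3A8%3A%5C%22stdClass%5C%22%3A0%3A%7B%7D",            # slashed quotes
    "give_title=Dr.+O%3ANeil",                                         # benign "O:" text
]

if __name__ == "__main__":
    for body in SAMPLES:
        print("ALERT" if find_serialized_objects(body) else "ok   ", body)
```

A hit is a reason to inspect the site for unexpected files and for changes to wp-config.php; it does not replace updating to 3.14.2.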
It is crucial for users to conduct regular updates and security audits to uphold the security of WordPress sites. This vulnerability discovery underscores the significance of robust security practices and responsible disclosure in preserving the safety of the WordPress ecosystem. As the digital landscape evolves, it is essential for users to remain proactive in securing their digital assets.
In conclusion, the CVE-2024-5932 vulnerability in the GiveWP plugin highlights the need for strong security measures and vigilance in protecting WordPress sites. By staying informed and taking necessary precautions, users can help safeguard their online presence from potential threats and vulnerabilities.

