WARNING: CRITICAL VULNERABILITY IN GIVEWP WORDPRESS PLUGIN CAN LEAD TO REMOTE CODE EXECUTION AND ARBITRARY FILE DELETION. PATCH IMMEDIATELY!

Published : 21/08/2024

Reference:
Advisory #2024-207

Version:
1.0

Affected software:
GiveWP – Donation WordPress plugin and Fundraising Platform

Type:
Remote code execution

CVE/CVSS:
CVE-2024-5932
CVSS: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Sources

Risks

On 19 August 2024, Wordfence released an advisory addressing a critical vulnerability affecting the WordPress plugin GiveWP – Donation Plugin and Fundraising Platform. The plugin provides features such as customizable donation forms, donor management, reporting, and integration with third-party payment gateways and services. A flaw in the plugin could enable unauthenticated attackers to execute code remotely and delete arbitrary files.

This critical vulnerability has the highest possible CVSS score. All versions prior to the 19 August release are vulnerable. In total, it is estimated that 100.000 websites worldwide are exposed.

To our knowledge, this vulnerability is not under active exploitation (cut-off date: 21 August 2024).

Update: On 21-09-2024, the release of a Metasploit module and the circulation of an exploit link in underground forums sharply increased the risk of this vulnerability being exploited by attackers. The accessibility of these tools now makes exploitation faster and easier, elevating the threat to exposed systems.

Exploitation of this vulnerability can have a high impact on confidentiality, integrity and availability.

Description

CVE-2024-5932 is a deserialization of untrusted data vulnerability. It is rooted in the function "give_process_donation_form()", which validates and sanitizes the submitted form data before passing the donation information, including the payment details, to the selected gateway.

The flaw makes the plugin vulnerable to PHP Object Injection, meaning an unauthenticated attacker can inject a PHP object through the submitted data. The additional presence of a POP (property-oriented programming) chain allows attackers to execute code remotely and to delete arbitrary files.
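To illustrate the vulnerability class described above, the following is an added example (not GiveWP's code, and not the fixed code from Wordfence's advisory) of a hypothetical form handler that rehydrates a posted field with PHP's unserialize(), shown next to two hardened variants. All function names and the sample inputs are constructed for this illustration.

```php
<?php
// Vulnerable pattern: unserialize() on attacker-controlled input instantiates
// whatever class the payload names. Any loaded class with a magic method
// (__wakeup, __destruct, __toString, ...) then becomes a candidate POP-chain
// gadget, which is how deserialization turns into code execution or file deletion.
function vulnerable_read_field(string $raw)
{
    return unserialize($raw);
}

// Hardened pattern 1: forbid object instantiation from this channel entirely.
// With allowed_classes => false, every "O:" entry in the payload becomes an
// __PHP_Incomplete_Class stub and no magic method of the named class runs.
function hardened_read_field(string $raw)
{
    $value = unserialize($raw, ['allowed_classes' => false]);
    if ($value instanceof __PHP_Incomplete_Class) {
        // A serialized object arriving where a scalar or array is expected is a
        // strong attack signal: log it for detection, then discard the value.
        error_log('rejected serialized PHP object in donation form field');
        return null;
    }
    return $value;
}

// Hardened pattern 2 (preferred): do not use PHP serialization for form data
// at all. JSON can only express scalars, arrays and plain maps, never objects
// with behaviour, so there is nothing for a POP chain to hook.
function hardened_read_json_field(string $raw)
{
    return json_decode($raw, true, 16, JSON_THROW_ON_ERROR);
}

// Constructed local check. $object is a harmless stdClass payload; in the
// vulnerable handler it is instantiated, in the hardened one it is rejected
// while the legitimate array round-trips unchanged.
$benign = serialize(['amount' => '25.00', 'currency' => 'EUR']);
$object = 'O:8:"stdClass":1:{s:4:"name";s:3:"abc";}';

var_dump(vulnerable_read_field($object) instanceof stdClass);
var_dump(hardened_read_field($object));
var_dump(hardened_read_field($benign));
var_dump(hardened_read_json_field('{"amount":"25.00","currency":"EUR"}'));
```

The same allowed_classes check can be reused as a detection rule: any request field that decodes to an __PHP_Incomplete_Class is worth an alert, whatever the plugin.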

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates on vulnerable installations, after thorough testing.
Wordfence reports that this vulnerability was patched in version 3.14.2; that version and later are fixed.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References