August 22, 2024
Severity
High
Analysis Summary
The WordPress GiveWP donation and fundraising plugin contains a maximum severity security issue that can allow remote code execution attacks on over 100,000 websites.
Tracked as CVE-2024-5932 (CVSS score: 10.0), the vulnerability affects all plugin versions before 3.14.2, which was released on August 7, 2024. All versions up to and including 3.14.1 are susceptible to PHP Object Injection because untrusted input from the 'give_title' option is deserialized. This allows an unauthorized attacker to inject a PHP object. The presence of a POP (property-oriented programming) chain gives attackers the ability to execute code remotely and delete arbitrary files.
The vulnerability originates in the give_process_donation_form() function, which validates and sanitizes the submitted form data before passing the donation details, including payment details, to the chosen gateway. Users must upgrade their instances to the most recent version immediately, because a successful exploit could allow an authenticated threat actor to run malicious code on the server.
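The following is an added illustration of the deserialization pattern described above, not code from GiveWP or Wordfence. It assumes PHP 8 and uses a hypothetical class (FileCleanupTask) and a constructed serialized payload to contrast an unrestricted unserialize() call on an option value with two hardened variants: one that forbids class instantiation, and one that refuses serialized data entirely because a title should only ever be plain text.

```php
<?php
// Hypothetical class standing in for any application class that carries a
// side effect in a magic method (the building block of a POP chain).
// Name and behaviour are assumptions for this example.
class FileCleanupTask {
    public string $path;
    public function __destruct() {
        // A real gadget would act on $this->path; here we only record that the
        // destructor ran so the difference between the variants is observable.
        echo "[destructor fired for " . $this->path . "]\n";
    }
}

// Vulnerable pattern: an option value that an attacker could influence reaches
// unserialize() with no restriction, so magic methods of any loaded class run.
function process_title_vulnerable(string $stored_value): mixed {
    return unserialize($stored_value);
}

// Hardened pattern 1: never instantiate classes from serialized input.
// Object payloads surface as __PHP_Incomplete_Class and no constructor,
// __wakeup or __destruct of the attacker-named class is ever invoked.
function process_title_hardened(string $stored_value): mixed {
    $value = unserialize($stored_value, ['allowed_classes' => false]);
    if ($value instanceof __PHP_Incomplete_Class) {
        error_log('give_title rejected: object payload in serialized data');
        return null;
    }
    return $value;
}

// Hardened pattern 2: the option holds a title, so treat it as text and refuse
// anything that looks like PHP serialization (local check, not WordPress's
// is_serialized(), so the script runs outside WordPress).
function looks_serialized(string $s): bool {
    return (bool) preg_match('/^(?:[abdiOCsN]:|N;)/', $s);
}
function process_title_strict(string $stored_value): ?string {
    if (looks_serialized($stored_value)) {
        error_log('give_title rejected: serialized payload');
        return null;
    }
    return trim(strip_tags($stored_value));
}

// Constructed payload: a serialized FileCleanupTask pointing at a harmless path.
$payload = 'O:15:"FileCleanupTask":1:{s:4:"path";s:12:"/tmp/example";}';

echo "vulnerable:\n";
$v = process_title_vulnerable($payload);   // real object is created
unset($v);                                 // destructor fires here

echo "hardened (allowed_classes=false):\n";
var_dump(process_title_hardened($payload)); // NULL, no destructor output

echo "strict (plain text only):\n";
var_dump(process_title_strict($payload));   // NULL
var_dump(process_title_strict('Donate today'));  // string(12) "Donate today"
```

Running the script shows the destructor message only in the vulnerable branch; the 'allowed_classes' option is the smallest change that neutralizes a POP chain when deserialization cannot be removed, while the strict variant is the right fix for a field that has no legitimate need for serialized data.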
Wordfence discovered another serious security vulnerability in the InPost PL and InPost for WooCommerce WordPress plugins a few days prior (CVE-2024-6500, CVSS score: 10.0), which allows unauthorized threat actors to read and remove any file, including the wp-config.php file. All files on Linux computers can be read, but only those inside the WordPress install directory can be removed. Version 1.4.5 contains a patch to address the problem.
A PHP code injection vulnerability that enables remote code execution has also been found in JS Help Desk, a WordPress plugin with more than 5,000 active installs (CVE-2024-7094, CVSS score: 9.8). Version 2.8.7 includes a patch for the vulnerability. Patching against all of these vulnerabilities is essential to prevent attacks that exploit them to deploy credit card skimmers capable of collecting financial data entered by website users.
Impact
- Remote Code Execution
- File Manipulation
Indicators of Compromise
CVE
- CVE-2024-5932
Affected Vendors
Remediation
- Upgrade to the latest version of Plugin, available from the WordPress Plugin Directory.
- Enhance the security of your WordPress site by implementing two-factor authentication.
- Keep your WordPress core and all installed plugins up to date.
- Conduct regular security audits of your WordPress site.
- Enable antivirus and anti-malware software and update signature definitions promptly. Using multi-layered protection is necessary to secure vulnerable assets.
- Maintain daily backups of all computer networks and servers.
- Keep all software, operating systems, and applications updated with the latest security patches.
- Continuously monitor network and system logs for unusual or suspicious activities.
- Review and secure website code to prevent open redirect vulnerabilities.
- Educate all site administrators about security best practices and the potential risks associated with phishing emails, fake security advisories, and malicious plugins.