CVE-2024-10957 Vulnerability in UpdraftPlus Plugin

Description

The vulnerability lies in the recursive_unserialized_replace function of the UpdraftPlus plugin. The function deserializes data that an attacker can influence, which allows a PHP object to be injected (PHP object injection). The injected object only becomes exploitable if another installed plugin or theme supplies a Property-Oriented Programming (POP) chain: UpdraftPlus itself contains no POP chain, so exploitability depends on the presence of other vulnerable components.

Key Details:

  1. CVE Identifier: CVE-2024-10957
  2. Affected Versions: UpdraftPlus versions 1.23.8 to 1.24.11.
  3. Severity: High (CVSS score: 8.8).
  4. Conditions for Exploitation:
    • An administrator must perform a search-and-replace action in the plugin.
    • A vulnerable POP chain must be present in another installed plugin or theme.
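To make the failure mode concrete, the following is an added illustrative example and not UpdraftPlus code (the plugin's actual implementation and its patch are not reproduced here). It shows why a search-and-replace tool has to unserialize PHP-serialized option values at all (string lengths are encoded in the format, so a plain text replace corrupts them), contrasts an unrestricted unserialize() with one that passes allowed_classes => false, and uses a constructed sample value; the class name SomePluginClass and the helper names are placeholders.

```php
<?php
// Added illustrative example, not UpdraftPlus code. Demonstrates the unsafe and the
// hardened way to recurse into PHP-serialized data during a search-and-replace.

// Constructed sample: a wp_options-style value with an embedded object. "SomePluginClass"
// is a placeholder; if such a class were loaded and had __wakeup()/__destruct(), an
// unrestricted unserialize() of this value would instantiate it and run those methods.
$storedValue = 'a:2:{s:3:"url";s:18:"http://old.example";s:3:"obj";'
             . 'O:15:"SomePluginClass":1:{s:4:"path";s:9:"/some/dir";}}';

// Hypothetical helper: recursively replaces $from with $to in strings and arrays.
// Objects (including __PHP_Incomplete_Class) are returned untouched.
function replace_recursive($value, string $from, string $to)
{
    if (is_string($value)) {
        return str_replace($from, $to, $value);
    }
    if (is_array($value)) {
        foreach ($value as $k => $v) {
            $value[$k] = replace_recursive($v, $from, $to);
        }
    }
    return $value;
}

// Detects "not serialized" versus "serialized boolean false", the one case where
// unserialize() legitimately returns false.
function is_unserialize_failure($decoded, string $data): bool
{
    return $decoded === false && $data !== 'b:0;';
}

// UNSAFE pattern: unserialize() with no restrictions instantiates whatever class the
// data names. Data written by lower-privileged users (comments, meta, option values)
// is therefore able to pick the class, and a gadget class in any loaded plugin or
// theme turns that into a POP chain.
function search_replace_unsafe(string $data, string $from, string $to): string
{
    $decoded = @unserialize($data);
    if (is_unserialize_failure($decoded, $data)) {
        return str_replace($from, $to, $data); // not serialized: plain replace is safe
    }
    return serialize(replace_recursive($decoded, $from, $to));
}

// HARDENED pattern: allowed_classes => false makes PHP decode every object as
// __PHP_Incomplete_Class, so no real class is instantiated and none of its magic
// methods run. Re-serializing an incomplete class keeps the original class name, so the
// stored value round-trips unchanged apart from the replaced strings. max_depth
// (PHP >= 7.4) bounds recursion on hostile, deeply nested input.
function search_replace_hardened(string $data, string $from, string $to): string
{
    $decoded = @unserialize($data, ['allowed_classes' => false, 'max_depth' => 64]);
    if (is_unserialize_failure($decoded, $data)) {
        return str_replace($from, $to, $data);
    }
    return serialize(replace_recursive($decoded, $from, $to));
}

// Note the length prefix of "url" changes from s:18 to s:19, which is why a naive
// str_replace() on the raw serialized string would have produced an unreadable value.
echo search_replace_hardened($storedValue, 'http://old.example', 'https://new.example'), PHP_EOL;
```

The hardened variant is the generic PHP mitigation for this class of bug; it is not a claim about what the 1.24.12 patch changed. If a tool genuinely needs to rewrite properties inside objects, it should do so on the __PHP_Incomplete_Class representation (or a whitelist passed via allowed_classes) rather than on live instances of arbitrary classes.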

Campaign Scenario

Initial Exploitation
  1. Malicious Input Injection:
    • An attacker injects malicious data into the WordPress site, targeting the deserialization function of the plugin.
  2. Triggering the Exploit:
    • The payload is triggered when an administrator executes a search-and-replace operation using UpdraftPlus.

Impact
  • Delete Arbitrary Files: Critical website files may be erased, leading to functionality disruptions or downtime.
  • Access Sensitive Data: Confidential information, such as database credentials or user data, could be exposed.
  • Execute Arbitrary Code: The attacker gains control over the website, potentially using it for further attacks or malware distribution.

Affected Product or Versions

Vulnerable Versions
  • UpdraftPlus Backup & Migration Plugin:
    • Versions 1.23.8 through 1.24.11.

Patched Version
  • Version 1.24.12 resolves this vulnerability.

Recommendations

  1. Update the Plugin:
    • All users must update to UpdraftPlus version 1.24.12 or later to mitigate this vulnerability.
    • Updates can be performed through the WordPress admin dashboard under Plugins > Installed Plugins or downloaded from the official WordPress repository.
  2. Audit Installed Plugins and Themes:
    • Check for other plugins or themes containing POP chains, which could make the site susceptible to exploitation.
    • Remove or update vulnerable components immediately.
  3. Restrict Access to Administrative Actions:
    • Limit the ability to perform search-and-replace operations to trusted administrators only.
  4. Enhance Monitoring:
    • Use security plugins to monitor suspicious activity and prevent malicious payloads from being injected.
  5. Backup Data Regularly:
    • Ensure regular backups are in place to restore data in case of exploitation.
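As a practical complement to the audit and monitoring recommendations above, the following added helper (not UpdraftPlus or WordPress code) lists every serialized object token found in a set of stored values, so an administrator can review unexpected class names before running any search-and-replace over the database. The sample rows, the known-class list and the function name are constructed for the example.

```php
<?php
// Added illustrative helper, not UpdraftPlus or WordPress code. Lists serialized
// object tokens in stored values so unexpected class names can be reviewed before a
// search-and-replace job deserializes them.

// Constructed sample rows in the shape of wp_options (option_name => option_value).
$sampleRows = [
    'siteurl'        => 'http://old.example',
    'widget_text'    => 'a:1:{i:2;a:1:{s:5:"title";s:5:"Hello";}}',
    'some_cache'     => 'O:13:"Cache_Handler":1:{s:4:"file";s:12:"/tmp/c.cache";}',
    'nested_payload' => 'a:1:{s:1:"x";O:7:"Gadget1":1:{s:4:"next";O:7:"Gadget2":0:{}}}',
];

// Returns [option_name => [class names]] for every row that embeds a serialized object.
// O:<len>:"<class>": is a plain object; C:<len>:"<class>": is a class using custom
// (Serializable) serialization. Both deserve review. This is a textual scan only: the
// values are never passed to unserialize().
function find_serialized_objects(array $rows): array
{
    $hits = [];
    $pattern = '/\b[OC]:\d+:"([^"]+)":/';
    foreach ($rows as $name => $value) {
        if (!is_string($value)) {
            continue;
        }
        if (preg_match_all($pattern, $value, $m)) {
            $hits[$name] = array_values(array_unique($m[1]));
        }
    }
    return $hits;
}

// Class names that legitimately occur in this site's data (site-specific; constructed
// for the example). Anything not on the list is flagged for manual review.
$knownClasses = ['Cache_Handler'];

foreach (find_serialized_objects($sampleRows) as $option => $classes) {
    $unexpected = array_diff($classes, $knownClasses);
    printf("%-16s objects: %s%s\n",
        $option,
        implode(', ', $classes),
        $unexpected ? '  <-- REVIEW: ' . implode(', ', $unexpected) : '');
}
```

On a live WordPress site the rows would come from the database rather than the constructed array, for example via $wpdb->get_results() over wp_options, and the same scan is worth running over postmeta, usermeta and commentmeta, since those tables are writable by lower-privileged roles and are also visited by search-and-replace tools. A class name that no installed plugin or theme defines is the signal to investigate before any administrator triggers the operation.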

Protect your website from vulnerabilities like CVE-2024-10957 with Protergo’s advanced security solutions. Our expert team ensures your site stays secure, minimizing risks to your data and functionality. Learn more about our services here.
