CVE-2024-10763 Overview
CVE-2024-10763 is a Local File Inclusion (LFI) vulnerability affecting the Campress theme for WordPress. The vulnerability exists in all versions up to and including 1.35 within the campress_woocommerce_get_ajax_products function. This security flaw enables unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code present in those files. Successful exploitation can be used to bypass access controls, obtain sensitive data, or achieve remote code execution in scenarios where PHP file types can be uploaded and included.
Critical Impact
Unauthenticated attackers can achieve remote code execution by exploiting this Local File Inclusion vulnerability, potentially compromising the entire WordPress installation and underlying server infrastructure.
Affected Products
- Apuswp Campress WordPress Theme version 1.35 and earlier
- WordPress installations utilizing the Campress theme
- WooCommerce integrations with Campress theme
Discovery Timeline
- 2025-02-13 - CVE-2024-10763 published to NVD
- 2025-11-13 - Last updated in NVD database
Technical Details for CVE-2024-10763
Vulnerability Analysis
This Local File Inclusion vulnerability stems from improper input validation within the campress_woocommerce_get_ajax_products function of the Campress WordPress theme. The function fails to adequately sanitize user-supplied input before using it in file inclusion operations. Since the vulnerable function is accessible without authentication, any remote attacker can exploit this flaw over the network without requiring user interaction or special privileges.
The vulnerability allows attackers to traverse directories and include arbitrary local files from the server. When combined with the ability to upload PHP files (through other means such as media uploads or other vulnerabilities), this can lead to full remote code execution. Even without file upload capabilities, attackers can potentially read sensitive configuration files, access database credentials, or include log files that may contain injectable PHP code.
Root Cause
The root cause of CVE-2024-10763 is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, also known as Path Traversal). The campress_woocommerce_get_ajax_products function accepts user-controlled input that is directly used to construct file paths for inclusion without proper sanitization or validation. This allows attackers to use path traversal sequences (such as ../) to navigate outside the intended directory and include arbitrary files from the filesystem.
Attack Vector
The attack vector for this vulnerability is network-based and requires no authentication. An attacker can craft malicious HTTP requests to the WordPress installation targeting the vulnerable AJAX endpoint. The attack flow typically involves:
- Identifying a WordPress site using the Campress theme version 1.35 or earlier
- Crafting a malicious request to the campress_woocommerce_get_ajax_products AJAX handler
- Including path traversal sequences to reference arbitrary files on the server
- Executing PHP code from the included file or extracting sensitive information
The vulnerability is particularly dangerous because it can be exploited by unauthenticated attackers remotely, with low attack complexity, and can result in complete compromise of confidentiality, integrity, and availability of the affected system.
Detection Methods for CVE-2024-10763
Indicators of Compromise
- Unexpected HTTP requests to WordPress AJAX handlers containing path traversal sequences (e.g., ../, ..%2f, ..%252f)
- Web server logs showing requests to admin-ajax.php with the campress_woocommerce_get_ajax_products action parameter
- Access to sensitive files such as wp-config.php, /etc/passwd, or other system configuration files from web processes
- Unusual PHP file inclusions or executions recorded in server logs
Detection Strategies
- Implement Web Application Firewall (WAF) rules to detect and block path traversal patterns in request parameters
- Monitor WordPress AJAX endpoints for suspicious activity, particularly the campress_woocommerce_get_ajax_products action
- Deploy file integrity monitoring on critical WordPress and system configuration files
- Analyze web server access logs for patterns consistent with LFI exploitation attempts
Monitoring Recommendations
- Enable detailed logging for WordPress AJAX requests and review logs regularly for anomalous patterns
- Configure intrusion detection systems (IDS) to alert on path traversal attack signatures
- Monitor for unexpected file access patterns, particularly attempts to read files outside the WordPress directory
- Implement real-time alerting for any access to sensitive configuration files from web server processes
How to Mitigate CVE-2024-10763
Immediate Actions Required
- Update the Campress WordPress theme to a version newer than 1.35 that addresses this vulnerability
- If an update is not immediately available, deactivate and remove the Campress theme until a patched version is released
- Review web server logs for any signs of exploitation attempts
- Conduct a security audit of the WordPress installation to check for signs of compromise
Patch Information
Website administrators using the Campress theme should check for updates through the ThemeForest marketplace where the theme is distributed. For detailed vulnerability information and remediation guidance, consult the Wordfence Vulnerability Report. Contact the vendor (Apuswp) directly if no patched version is available.
Workarounds
- Implement WAF rules to block requests containing path traversal sequences targeting the vulnerable AJAX endpoint
- Restrict access to admin-ajax.php for unauthenticated users if the AJAX functionality is not required for public visitors
- Apply PHP security hardening measures such as open_basedir restrictions to limit file inclusion to specific directories
- Consider switching to an alternative WordPress theme until a security patch is available from the vendor
# Apache .htaccess configuration to block path traversal attempts
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} (\.\./|\.\.%2f|\.\.%252f) [NC]
RewriteRule .* - [F,L]
</IfModule>
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
