SentinelOne
CVE Vulnerability Database

CVE-2024-3812: Salient Core WordPress Plugin RCE Flaw

CVE-2024-3812 is a local file inclusion vulnerability in the Salient Core WordPress plugin that enables authenticated attackers to execute arbitrary PHP code. This article covers technical details, affected versions, and mitigation steps.

CVE-2024-3812 Overview

The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 2.0.7 via the nectar_icon shortcode icon_linea attribute. This allows authenticated attackers with contributor-level and higher permissions to include and execute arbitrary files on the server, enabling the execution of any PHP code contained within those files. This can lead to bypassing access controls, obtaining sensitive data, or executing code when a PHP file type can be uploaded and included.

Critical Impact

Allows execution of arbitrary PHP code, potentially leading to unauthorized access and data exfiltration.

Affected Products

  • Salient Core plugin for WordPress <= 2.0.7

Discovery Timeline

  • 2024-05-18 - CVE-2024-3812 published to NVD
  • 2024-11-21 - Last updated in NVD database

Technical Details for CVE-2024-3812

Vulnerability Analysis

The vulnerability is due to insufficient validation of the icon_linea attribute within the nectar_icon shortcode. Attackers exploiting this flaw may include files from the server file system, leading to arbitrary code execution in the context of the server.

Root Cause

Improper input validation and sanitization of user-supplied input in the icon_linea attribute of the shortcode, allowing Local File Inclusion (LFI).

Attack Vector

The attack is carried out via the network by an authenticated attacker with contributor-level permissions or higher.

php
// Example exploitation code (sanitized)
include('/path/to/potential/file.php');

Detection Methods for CVE-2024-3812

Indicators of Compromise

  • Unusual inclusion of server-side files
  • Unauthorized PHP code execution logs
  • Suspicious access patterns to sensitive files

Detection Strategies

Implement regular audits of file inclusion logs and monitor for unexpected filename patterns originating from user inputs.
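One way to run such an audit over stored post content, as an added example (not SentinelOne's or the plugin's own code): it extracts every icon_linea value from nectar_icon shortcodes and reports those that look like file paths. It assumes posts have been exported as (post_id, author, post_content) rows and that legitimate icon_linea values are plain icon identifiers; the function names and sample rows are constructed for illustration.

```python
import re

# Assumption: legitimate icon_linea values are plain icon identifiers
# (letters, digits, hyphen, underscore); anything else is reported for review.
SAFE_ICON = re.compile(r"[A-Za-z0-9_-]{0,64}")
SHORTCODE = re.compile(r"\[nectar_icon\b([^\]]*)\]", re.IGNORECASE)
ATTR = re.compile(
    r"""\bicon_linea\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))""", re.IGNORECASE
)

def reasons(value):
    """Explain why a value looks like a file path rather than an icon name."""
    found = []
    if ".." in value:
        found.append("parent-directory sequence")
    if "/" in value or "\\" in value:
        found.append("path separator")
    if "%" in value:
        found.append("percent-encoding")
    if "\x00" in value:
        found.append("NUL byte")
    if not found and not SAFE_ICON.fullmatch(value):
        found.append("outside icon-name allow-list")
    return found

def audit_posts(posts):
    """posts: iterable of (post_id, author, post_content) rows."""
    findings = []
    for post_id, author, content in posts:
        for shortcode in SHORTCODE.finditer(content):
            for attr in ATTR.finditer(shortcode.group(1)):
                value = next(g for g in attr.groups() if g is not None)
                why = reasons(value)
                if why:
                    findings.append((post_id, author, value, why))
    return findings

# Constructed sample rows, not taken from a real site.
SAMPLE_POSTS = [
    (101, "editor1", 'Intro [nectar_icon icon_linea="icon-basic-heart"] text'),
    (102, "contrib7", "[nectar_icon icon_linea='../../example/placeholder']"),
    (103, "contrib7", '[nectar_icon icon_linea=icon-arrows-up] [nectar_icon icon_linea="a b"]'),
]

if __name__ == "__main__":
    for post_id, author, value, why in audit_posts(SAMPLE_POSTS):
        print(f"post {post_id} by {author}: icon_linea={value!r} ({', '.join(why)})")
```

Findings include the post author so they can be reviewed against account roles, since the flaw is reachable from contributor-level accounts and above.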

Monitoring Recommendations

Use server-side logging to capture any abnormal file access requests and integrate with SIEM systems to alert on potential exploit attempts.

How to Mitigate CVE-2024-3812

Immediate Actions Required

  • Validate and sanitize all user inputs for shortcode attributes
  • Limit PHP file upload capability only to trusted users
  • Disable execution of uploaded files when possible

Patch Information

Update to the latest version of the Salient Core plugin, in which the vulnerability is patched.

Workarounds

Disable the vulnerable nectar_icon shortcode feature if not critical to operations or apply stringent access control policies.

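apache
# Apache configuration example: disable PHP execution in the uploads directory.
# php_flag is only available when PHP runs as an Apache module (mod_php).
# <Directory> blocks belong in the server or virtual host configuration, not in .htaccess.
<Directory "/var/www/uploads">
   php_flag engine off
</Directory>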

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
