What vulnerabilities were discovered in the Woffice WordPress theme?

Two critical vulnerabilities were discovered: CVE-2024-43153 (CVSS 9.8) allowing unauthenticated privilege escalation to administrator level, and CVE-2024-43234 (CVSS 9.8) enabling unauthorized users to log in as any existing user, including administrators. The theme has over 15,000 installations.

What are the details of the privilege escalation vulnerability (CVE-2024-43153)?

CVE-2024-43153 is caused by insufficient validation of the reg_role parameter in the registration function. It allows unauthenticated users to register with any role, including administrator, potentially enabling full website takeover and server compromise. This vulnerability was fixed in version 5.4.12.

What are the details of the account takeover vulnerability (CVE-2024-43234)?

CVE-2024-43234 is caused by insecure implementation of the register_redirect function. It can be exploited when Custom Login Page is enabled, Auto Login is enabled, and Email verification is disabled. This vulnerability enables unauthorized access to any user account and was fixed in version 5.4.15.

What version should Woffice users update to?

All Woffice users are strongly advised to update to at least version 5.4.15 to address both critical vulnerabilities.

What are the potential impacts of these vulnerabilities?

Both vulnerabilities have potentially severe impacts including full website takeover, server compromise, and the ability to deploy malicious code. They allow attackers to gain administrative access either through direct registration or by taking over existing administrator accounts.

Advisory

Critical flaws reported in WordPress Woffice Theme, update ASAP

published: Dec. 13, 2024

Take action: If you are using Woffice theme for Wordpress, time to patch IMMEDIATELY. It's very easily hacked - especially the Unauthenticated Privilege Escalation flaw.

Learn More

Two critical vulnerabilities have been discovered in the Woffice theme, a premium WordPress theme with over 15,000 installations.

Vulnerability Details:

CVE-2024-43153 (CVSS score 9.8) - Unauthenticated Privilege Escalation - Allows unauthenticated users to register with any role, including administrator. The flaw is caused by insufficient validation of the reg_role parameter in the registration function and enables potential full website takeover and server compromise. Fixed in version 5.4.12
CVE-2024-43234 (CVSS score 9.8) - Unauthenticated Account Takeover - Enables unauthorized users to log in as any existing user, including administrators. The flaw is caused by insecure implementation of the register_redirect function and can be exploited if: Custom Login Page is enabled, Auto Login is enabled, Email verification is disabled. Enables potential full site takeover and malicious code deployment. Fixed in version 5.4.15

All Woffice users are strongly advised to update to at least version 5.4.15.

Critical flaws reported in WordPress Woffice Theme, update ASAP

Read More
Pre-authentication remote code execution exploit chain reported in …
Critical authentication bypass flaw in JobMonster WordPress theme …
WordPress malware campaign disguised as legitimate Security Plugin
20,000 WordPress Sites Exposed to Backdoor in LA-Studio …
CISA warns of active exploitation of critical authentication …