Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2024-31380 — AI Deep Analysis Summary

CVSS 9.9 · Critical

Q1What is this vulnerability? (Essence + Consequences)

🚨 **Essence**: A Code Injection vulnerability in Oxygen Builder. 💥 **Consequences**: Allows Remote Code Execution (RCE). Attackers can run arbitrary code on the server, leading to total site compromise.

Q2Root Cause? (CWE/Flaw)

🛡️ **Root Cause**: CWE-94 (Code Injection). The flaw lies in how the plugin handles input, allowing malicious code to be injected and executed by the server.

Q3Who is affected? (Versions/Components)

👥 **Affected**: WordPress sites using **Soflyy Oxygen Builder** plugin. Specifically, version **4.8.1** and likely earlier versions are vulnerable.

Q4What can hackers do? (Privileges/Data)

🕵️ **Attacker Capabilities**: Full control! Can read/write files, execute system commands, and access sensitive data. CVSS scores High for Confidentiality, Integrity, and Availability.

Q5Is exploitation threshold high? (Auth/Config)

🔓 **Threshold**: **Medium**. Requires **Authenticated** access (PR:L). You need valid credentials to exploit this, but no user interaction (UI:N) is needed once logged in.

Q6Is there a public Exp? (PoC/Wild Exploitation)

💣 **Exploit Status**: **Yes**. Public PoC exists on GitHub (Chokopik/CVE-2024-31380-POC). Wild exploitation is likely imminent given the RCE nature.

Q7How to self-check? (Features/Scanning)

🔍 **Self-Check**: Scan for **Oxygen Builder** plugin version 4.8.1 or lower. Check if authenticated endpoints are exposed. Use vulnerability scanners detecting CWE-94 in PHP contexts.

Q8Is it fixed officially? (Patch/Mitigation)

🩹 **Fix**: **Yes**. Official patches are available. Update Oxygen Builder to the latest version immediately. Refer to Soflyy’s official security advisories.

Q9What if no patch? (Workaround)

🚧 **No Patch?**: **Disable** the plugin if not essential. Restrict admin access via IP whitelisting. Implement WAF rules to block code injection patterns in POST requests.

Q10Is it urgent? (Priority Suggestion)

🔥 **Urgency**: **CRITICAL**. High CVSS score + Public PoC + RCE capability. Patch immediately to prevent server takeover. Do not delay!