This is a summary of the AI-generated 10-question deep analysis.
Q1. What is this vulnerability? (Essence + Consequences)
**Essence**: A Code Injection vulnerability in Oxygen Builder. **Consequences**: Allows Remote Code Execution (RCE). Attackers can run arbitrary code on the server, leading to total site compromise.
Q2. Root Cause? (CWE/Flaw)
**Root Cause**: CWE-94 (Code Injection). The flaw lies in how the plugin handles input, allowing malicious code to be injected and executed by the server.
Q3. Who is affected? (Versions/Components)
**Affected**: WordPress sites using the **Soflyy Oxygen Builder** plugin. Specifically, version **4.8.1** and likely earlier versions are vulnerable.
Q4. What can hackers do? (Privileges/Data)
**Attacker Capabilities**: Full control. An attacker can read and write files, execute system commands, and access sensitive data. CVSS rates the impact on Confidentiality, Integrity, and Availability as High.
Q5. Is the exploitation threshold high? (Auth/Config)
**Threshold**: **Medium**. Requires **Authenticated** access (PR:L). Exploitation needs valid credentials, but no user interaction (UI:N) is needed once logged in.
Q6. Is there a public exploit? (PoC/Wild Exploitation)
**Exploit Status**: **Yes**. A public PoC exists on GitHub (Chokopik/CVE-2024-31380-POC). In-the-wild exploitation is likely imminent given the RCE impact.
Q7. How to self-check? (Features/Scanning)
**Self-Check**: Scan for **Oxygen Builder** plugin version 4.8.1 or lower. Check if authenticated endpoints are exposed. Use vulnerability scanners detecting CWE-94 in PHP contexts.
**No Patch?**: **Disable** the plugin if not essential. Restrict admin access via IP whitelisting. Implement WAF rules to block code injection patterns in POST requests.
Q10. Is it urgent? (Priority Suggestion)
**Urgency**: **CRITICAL**. High CVSS score + Public PoC + RCE capability. Patch immediately to prevent server takeover. Do not delay!