This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: Arbitrary Code Injection via Shortcode Execution.
**Consequences**: Attackers can run malicious PHP code on the server. This leads to full site compromise, data theft, or server takeover.…

**Root Cause**: CWE-94 (Code Injection).
**Flaw**: The `wp_ajax_nopriv_shortcode_Api_Add` function fails to validate input before passing it to `do_shortcode`.…

**Affected**: WordPress Plugin: **The WP Popup Builder**.
**Versions**: All versions **up to and including 1.3.5**.
**Vendor**: Themehunk. If you use this plugin, you are at risk.

**Threshold**: **Extremely Low**.
**Auth**: None required (Unauthenticated).
**Config**: Low Complexity.
**UI**: None needed. Any internet user can trigger this via AJAX calls.

Q6 Is there a public Exp? (PoC/Wild Exploitation)
**Exploit Available**: **YES**.
**PoC**: Publicly available on GitHub (RandomRobbieBF).
**Automation**: Nuclei templates exist for automated scanning.
**Status**: Actively exploitable in the wild.

Q7 How to self-check? (Features/Scanning)
**Self-Check**:
1. Scan for `wp_ajax_nopriv_shortcode_Api_Add` in AJAX requests.
2. Check plugin version in WordPress admin.
3. Use Nuclei or similar scanners with CVE-2024-9061 templates.
4. …
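
One way to carry out self-check step 1 against a web server access log, as an added example that is not part of the original analysis or the plugin's code. It assumes Combined Log Format and the WordPress convention that a `wp_ajax_nopriv_<action>` hook is reached through `admin-ajax.php` with `action=<action>`; the function name `find_hits` and the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: WordPress maps the hook wp_ajax_nopriv_<action> to requests for
# admin-ajax.php carrying action=<action>. Compared in lower case so that
# case-varied probes are reported too.
ACTION = "shortcode_api_add"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges, no real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "GET /wp-admin/admin-ajax.php?action=shortcode_Api_Add HTTP/1.1" 200 512 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Oct/2024:13:56:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 87 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Oct/2024:13:57:12 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 40 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2024:13:58:40 +0000] "POST /blog/wp-admin/admin-ajax.php?action=shortcode%5FApi%5FAdd HTTP/1.1" 200 0 "-" "-"',
    '192.0.2.10 - - [10/Oct/2024:13:59:00 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]


def find_hits(lines):
    """Return (ip, timestamp, method, reason) for requests worth reviewing."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/wp-admin/admin-ajax.php"):
            continue
        # parse_qs percent-decodes, so action=shortcode%5FApi%5FAdd is caught.
        actions = [a.lower() for a in parse_qs(url.query).get("action", [])]
        if ACTION in actions:
            hits.append((m["ip"], m["ts"], m["method"], "action in query string"))
        elif m["method"] == "POST" and not actions:
            # Access logs omit POST bodies, so the action cannot be ruled out.
            hits.append((m["ip"], m["ts"], m["method"], "POST, action not logged"))
    return hits


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(*hit, sep=" | ")
```

A `POST, action not logged` result is only a lead: confirm it from WAF or request-body logging, since other plugins also POST to `admin-ajax.php`.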

**No Patch Workaround**:
1. **Disable/Deactivate** the plugin immediately if not needed.
2. **Restrict Access**: Block AJAX endpoints via WAF or `.htaccess` if possible.
3. …

**Urgency**: **HIGH**.
**Priority**: **Critical**.
**Reason**: Unauthenticated RCE is a top-tier threat. Exploits are public and easy to use. Patch immediately to prevent server compromise.