Description Preview
Overview
CVE-2021-24289 affects the Store Locator Plus WordPress plugin through version 5.5.14. The vulnerability stems from insufficient access controls in the plugin's user meta data handling functionality. Any authenticated user, regardless of their initial permission level, can exploit this vulnerability to modify their user meta data and elevate their privileges to administrator level. This represents a critical security risk as it allows unauthorized users to gain complete control over affected WordPress sites, potentially leading to website compromise, data theft, malware injection, or other malicious activities.
Remediation
Unfortunately, there is no patch available for this vulnerability as the Store Locator Plus plugin has been closed down by its developers. Site administrators using this plugin should:
- Immediately remove the Store Locator Plus plugin from their WordPress installations
- Audit user accounts for any suspicious administrator accounts that may have been created
- Consider implementing a different store locator solution that is actively maintained
- Review server logs for any signs of exploitation
- Consider changing all administrative passwords as a precaution
References
- WPScan Vulnerability Database: https://wpscan.com/vulnerability/078e93cd-7cf2-4e23-8171-58d44e354d62
- Wordfence Security Advisory: https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/
- MITRE CVE Record: CVE-2021-24289
Industry ExposureMost to leastThis section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- Accommodation & Food ServicesAccommodation & Food Services
- Administrative, Support, Waste Management & Remediation ServicesAdministrative, Support, Waste Management & Remediation Services
- Agriculture, Forestry Fishing & HuntingAgriculture, Forestry Fishing & Hunting
- Arts, Entertainment & RecreationArts, Entertainment & Recreation
- ConstructionConstruction
- Educational ServicesEducational Services
- Finance and InsuranceFinance and Insurance
- Health Care & Social AssistanceHealth Care & Social Assistance
- InformationInformation
- Management of Companies & EnterprisesManagement of Companies & Enterprises
- ManufacturingManufacturing
- MiningMining
- Other Services (except Public Administration)Other Services (except Public Administration)
- Professional, Scientific, & Technical ServicesProfessional, Scientific, & Technical Services
- Public AdministrationPublic Administration
- Real Estate Rental & LeasingReal Estate Rental & Leasing
- Retail TradeRetail Trade
- Transportation & WarehousingTransportation & Warehousing
- UtilitiesUtilities
- Wholesale TradeWholesale Trade
