CVE-2024-2848: Actively Exploited Vulnerability Found in Popular Responsive WordPress Theme
A serious security flaw has been identified in the Responsive WordPress theme, a popular template used for blogs, e-commerce sites, educational platforms and other site types. The theme has more than 30,000 active installations, every one of which is potentially exposed to a vulnerability that is already being exploited in the wild.
The issue, cataloged as CVE-2024-2848 with a CVSS score of 7.5, is a missing authorization (capability) check in the theme's save_footer_text_callback function. Because the callback never verifies that the caller is allowed to change theme settings, it can be reached by anyone, and it affects all versions up to and including 5.0.2. An unauthenticated attacker can use it to write arbitrary HTML into the site's footer. The consequences can be severe: the injected markup can redirect visitors to malicious websites or display unauthorized and potentially harmful content on every page.
Attackers are already using this flaw to rewrite the footer of sites running the Responsive theme, inserting malicious links and scripts. These modifications typically redirect visitors to harmful websites, compromising both the site and its users.
“There are active attacks exploiting this vulnerability, redirecting page visitors to malicious websites,” a researcher warns.
The attack targets the footer-copyright option in the WordPress options table. Because the theme renders this option into the footer of every page, a single write to the database is enough to serve the injected content persistently, site-wide, until the value is cleaned up. This damages the integrity and reputation of the website and exposes every visitor to whatever the attacker placed there.
The developers behind the Responsive theme have addressed CVE-2024-2848 in version 5.0.3, which adds the missing check so that only authorized users can modify the footer text. Website administrators running the Responsive theme are urged to upgrade to this version immediately to protect their sites from the ongoing attacks.
Upgrading closes the hole, but it does not undo changes an attacker has already made. Even after updating, the footer may still carry injected content. Look for unexpected links, script or iframe tags, hidden elements, or anything else out of the ordinary, and do not rely on the rendered page alone: check the "footer-copyright" option in the WordPress database directly (for example with wp-cli or a query against the options table) and remove any malicious content you find there.
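The two points above, that the injected HTML lives in the footer-copyright option and that the option must be inspected directly after patching, can be turned into a repeatable check. The script below is an added example written for this article; it is not code from the Responsive theme or from any published advisory. It assumes you have already pulled the option value out of the database (for instance with `wp option get footer-copyright`, or `SELECT option_value FROM wp_options WHERE option_name = 'footer-copyright';`), and it scans that value for the indicators a defacement of this kind typically leaves behind: script and iframe tags, meta refreshes, inline event handlers, `javascript:` URLs, common obfuscation helpers, hidden elements, long base64 blobs, and links or script sources pointing at hosts other than your own. The indicator list and the two sample footer values are constructed for the example; the scan is substring-based, so it also works if the value turns out to be stored inside a larger serialized settings array.

```python
import html
import re
from urllib.parse import urlparse

# Heuristic indicators of injected footer content. Chosen for this example;
# not taken from the theme or from any published indicator list.
SUSPICIOUS_PATTERNS = {
    "script tag": re.compile(r"<\s*script\b", re.I),
    "iframe tag": re.compile(r"<\s*iframe\b", re.I),
    "meta refresh": re.compile(r"<\s*meta[^>]+http-equiv\s*=\s*['\"]?refresh", re.I),
    "inline event handler": re.compile(r"\son[a-z]+\s*=", re.I),
    "javascript: URL": re.compile(r"javascript\s*:", re.I),
    "JS obfuscation helper": re.compile(r"\b(eval|atob|unescape|String\.fromCharCode)\s*\(", re.I),
    "hidden element": re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I),
    "long base64 blob": re.compile(r"[A-Za-z0-9+/]{80,}={0,2}"),
}

# href/src/action attribute values, quoted or not.
URL_ATTR_RE = re.compile(r"""(?:href|src|action)\s*=\s*['"]?\s*([^'"\s>]+)""", re.I)


def external_hosts(value, site_host):
    """Return the set of hosts referenced by href/src/action attributes that
    are not the site's own host. Relative paths and non-http schemes are ignored."""
    hosts = set()
    for raw in URL_ATTR_RE.findall(value):
        url = html.unescape(raw)          # stored HTML may contain &amp; in URLs
        if url.startswith("//"):          # protocol-relative script sources are common
            url = "https:" + url
        parsed = urlparse(url)
        if parsed.scheme in ("http", "https") and parsed.hostname and parsed.hostname != site_host:
            hosts.add(parsed.hostname)
    return hosts


def inspect_footer(value, site_host, allowed_hosts=()):
    """Return a list of human-readable findings for one footer-copyright value.
    An empty list means nothing suspicious was found by these heuristics."""
    findings = []
    for label, pattern in SUSPICIOUS_PATTERNS.items():
        if pattern.search(value):
            findings.append(label)
    for host in sorted(external_hosts(value, site_host) - set(allowed_hosts)):
        findings.append(f"link to external host {host}")
    return findings


# Constructed sample values standing in for what the database query above would
# return on a clean site and on a tampered one. The .test hosts are reserved
# names and do not exist.
CLEAN_FOOTER = '&copy; 2024 Example Shop. <a href="https://example.com/privacy">Privacy</a>'
TAMPERED_FOOTER = (
    '&copy; 2024 Example Shop. <a href="https://example.com/privacy">Privacy</a>'
    '<script src="//cdn.bad-example.test/r.js"></script>'
    '<a href="https://bad-example.test/win" style="display:none">x</a>'
)


def main():
    for name, value in (("clean", CLEAN_FOOTER), ("tampered", TAMPERED_FOOTER)):
        findings = inspect_footer(value, "example.com")
        status = "OK" if not findings else "SUSPICIOUS"
        print(f"{name}: {status}")
        for finding in findings:
            print(f"  - {finding}")


if __name__ == "__main__":
    main()
```

Pass your own hostname as `site_host`, and list any third-party hosts you legitimately link to from the footer in `allowed_hosts`; everything else that is flagged deserves a manual look. A clean result from these heuristics is not proof of a clean site, so pair it with a review of the footer markup itself and of recently modified files.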