Critical CVE-2024-6220 Vulnerability in Keydatas WordPress Plugin Actively Exploited
A critical vulnerability (CVE-2024-6220, CVSS 9.8) in the Keydatas (简数采集器) WordPress plugin is being actively exploited, putting thousands of websites at risk of complete takeover. The flaw allows unauthenticated attackers to upload arbitrary files, including PHP webshells, to a vulnerable site's server, which can lead to remote code execution and full compromise of the site.
Keydatas, a plugin used for collecting and importing content, has over 5,000 active installations. The vulnerability affects all versions up to and including 2.5.2 and is caused by missing file type validation in the plugin's upload handling: the plugin writes uploaded files to disk without checking that they are of an allowed type, so an attacker can store a file with an executable extension. Any site still running version 2.5.2 or earlier is exposed.
Exploitation attempts surged within days of the vulnerability's disclosure, with more than 8,000 attack attempts blocked so far. Because attackers began scanning for the flaw almost immediately, site owners should assume that any unpatched site has already been probed.
Arbitrary file upload vulnerabilities like CVE-2024-6220 routinely lead to complete site takeovers. Once an attacker can place a PHP file under a web-accessible directory such as wp-content/uploads, they can execute it by simply requesting its URL. The resulting webshell gives them the same access as the web server process: modifying site content, reading the database credentials in wp-config.php, stealing sensitive data, installing further malware, and using the server to attack other targets.
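The root cause described above, missing file type validation, is a generic pattern rather than anything specific to this plugin. The following PHP is an illustrative example added here, not code from Keydatas or from the original report: a minimal upload handler with the missing check, beside a hardened version that enforces an extension allow-list, sniffs the real content type, and never lets the client choose the stored filename. The function names, the allow-list and the `$upload_dir` argument are assumptions for the example.

```php
<?php
// Illustrative example of the vulnerability class (not the plugin's code).

// Vulnerable pattern: no file type validation. A request carrying the
// filename "shell.php" lands as an executable file under $upload_dir,
// which is exactly how an uploaded webshell is created.
function insecure_save_upload(array $file, string $upload_dir): string {
    // Attacker controls the extension via $file['name'].
    $dest = $upload_dir . '/' . basename($file['name']);
    move_uploaded_file($file['tmp_name'], $dest);
    return $dest;
}

// Hardened pattern (plain PHP so it runs outside WordPress too):
//  1. allow-list of image extensions,
//  2. sniff the real MIME type from the file bytes, not the client header,
//  3. the claimed extension must agree with the sniffed type,
//  4. server-generated filename, so the attacker never chooses it.
function secure_save_upload(array $file, string $upload_dir): ?string {
    $allowed = [
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'png'  => 'image/png',
        'gif'  => 'image/gif',
        'webp' => 'image/webp',
    ];
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return null;
    }
    // pathinfo() takes the last extension, so "shell.php.jpg" yields "jpg"
    // here and is caught by the content sniff below.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return null;               // rejects .php, .phtml, .phar, .htaccess, ...
    }
    $finfo   = new finfo(FILEINFO_MIME_TYPE);
    $sniffed = $finfo->file($file['tmp_name']);
    if ($sniffed !== $allowed[$ext]) {
        return null;               // "image.jpg" whose bytes are PHP source is rejected
    }
    // Random server-chosen name with the validated extension only.
    $dest = $upload_dir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    return $dest;
}

// Inside a WordPress plugin the equivalent checks come from core, which
// also honours the site's configured MIME allow-list:
//   $check  = wp_check_filetype_and_ext($file['tmp_name'], $file['name']);
//   $result = wp_handle_sideload($file, ['test_form' => false]);
```

Two caveats worth keeping in mind. The content sniff stops a bare PHP file renamed to .jpg, but not a polyglot that starts with a valid image header and carries PHP later in the file; the server-chosen extension is what prevents that file from ever being executed as PHP. And neither check replaces the usual defence in depth of denying PHP execution inside wp-content/uploads at the web server, so that even a successful bypass yields a file the server will not run.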
Attackers also chain file upload flaws with other weaknesses, such as arbitrary plugin installation or activation vulnerabilities, to deepen their foothold or to persist after the original entry point is patched. The risk is higher on sites where default passwords were never changed or where other security weaknesses remain.
The Keydatas team has released version 2.6.1, which addresses this flaw. Site owners using Keydatas are strongly urged to update to 2.6.1 or later immediately. Because exploitation was already under way before many sites could patch, updating alone is not sufficient: check the plugin version in the WordPress admin, look for unexpected PHP files or recently modified files under wp-content/uploads and other writable directories, and treat any such finding as a full compromise that calls for credential rotation and a clean rebuild rather than a simple file deletion.