CVE-2024-22144: Critical Flaw in Popular WordPress Security Plugin Exposes 200,000+ Sites
Security researcher ‘stealthcopter‘ has exposed a severe security hole in the widely used WordPress Anti-Malware Security and Brute-Force Firewall plugin (GOTMLS). This vulnerability, labeled CVE-2024-22144 with a “Critical” CVSS score of 9.0, could allow unauthenticated attackers to take complete control of vulnerable websites.
How the Attack Works
- Leak Leads to Access: The initial vulnerability involves unprotected functions leaking sensitive data. This allows attackers to brute-force keys used for access to further features within the plugin.
- Dangerous Definitions: Attackers can manipulate the plugin’s “malware definition” update mechanism. This lets them target specific WordPress source code files for deletion.
- Code Execution by Injecting Malicious Malware Rules: By selectively removing code, attackers can inject their commands, effectively hijacking the web server.
What This Means for Site Owners
- Unseen Access: With no login required, hackers could quietly gain a backdoor into your website.
- Complete Compromise: This includes data theft, defacement, spreading malware to visitors, and even using your site in large-scale attacks.
Patchstack’s Role
The disclosure of this vulnerability by the security platform Patchstack, complete with technical details, serves as a stark reminder of the importance of maintaining up-to-date security measures on websites. WordPress site owners and administrators are urged to ensure that their installations of the “Anti-Malware Security and Brute-Force Firewall” plugin are updated to the latest version, safeguarding their digital assets against unauthorized access and control by malicious actors.
The Plugin’s Popularity Amplifies the Danger
With over 200,000 active installations, CVE-2024-22144 represents a huge attack surface for cybercriminals. Any site using the “Anti-Malware Security and Brute-Force Firewall” plugin is potentially at risk.
Action is Essential
- Update Immediately: If you use this plugin, update to version 4.23.56 or later without delay. This version contains the fix.
- Verify Your Site: Scans for suspicious code, unauthorized changes, or malware presence are recommended even after updating.
