
CVE-2024-12331: CWE-862 Missing Authorization in ninjateam File Manager Pro – Filester

Severity: Medium
Tags: Vulnerability, CVE-2024-12331, CVE, CWE-862
Published: Thu Dec 19 2024 (12/19/2024, 11:14:14 UTC)
Source: CVE Database V5
Vendor/Project: ninjateam
Product: File Manager Pro – Filester

Description

CVE-2024-12331 is a medium severity vulnerability in the File Manager Pro – Filester WordPress plugin affecting all versions up to and including 1.8.6. It arises from a missing authorization check in the 'ajax_install_plugin' function, allowing authenticated users with Subscriber-level access or higher to install the Filebird plugin without proper permissions. This flaw does not impact confidentiality or availability, but it allows unauthorized modification of plugin installations, potentially leading to privilege escalation or further compromise. Exploitation requires authentication but no user interaction beyond login. No known exploits are currently in the wild. Organizations using this plugin should apply patches or implement strict access controls to mitigate risk. Countries with significant WordPress usage and large WordPress plugin ecosystems are most at risk. The CVSS v3.1 base score is 4.3.

AI-Powered Analysis

AI analysis last updated: 02/26/2026, 05:16:31 UTC

Technical Analysis

CVE-2024-12331 is a vulnerability classified under CWE-862 (Missing Authorization) found in the File Manager Pro – Filester plugin for WordPress, affecting all versions up to and including 1.8.6. The root cause is the absence of a capability check in the 'ajax_install_plugin' function, which is responsible for installing plugins via AJAX requests. This missing authorization allows any authenticated user with at least Subscriber-level privileges to invoke this function and install the Filebird plugin without proper permissions. Since Subscriber-level users typically have minimal privileges, this vulnerability effectively elevates their ability to modify the WordPress environment by adding plugins, which could be leveraged for further attacks such as privilege escalation, persistence, or code execution if the installed plugin is malicious or vulnerable. The vulnerability does not require user interaction beyond authentication and can be exploited remotely over the network. The CVSS v3.1 base score is 4.3, indicating medium severity, with the vector reflecting network attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, no confidentiality impact, limited integrity impact, and no availability impact. No patches or fixes are currently linked, and no known exploits have been reported in the wild. The vulnerability was published on December 19, 2024, and was assigned by Wordfence. The lack of authorization checks is a common security oversight that can lead to unauthorized modifications and potential compromise of WordPress sites using this plugin.
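The analysis above comes down to one missing line: an AJAX handler reachable by every logged-in user that never asks whether the caller may install plugins. The following PHP is an added illustration, not code from the Filester plugin or from OffSeq; it shows that shape beside a hardened handler using WordPress core's own primitives. The AJAX action names (`example_install_plugin_vulnerable`, `example_install_plugin`) and the helper `example_install_plugin_from_repo()` are hypothetical; the plugin's real hook names are not on this page.

```php
<?php
// Added example (hypothetical names): the CWE-862 pattern described for
// 'ajax_install_plugin', beside the hardened form.

// --- Vulnerable shape --------------------------------------------------------
// wp_ajax_{action} fires for EVERY authenticated user, Subscribers included.
// Registering the handler alone grants no authorization; the handler must check.
add_action( 'wp_ajax_example_install_plugin_vulnerable', 'example_ajax_install_plugin_vulnerable' );
function example_ajax_install_plugin_vulnerable() {
    // No current_user_can() and no nonce check: any logged-in user who sends
    // action=example_install_plugin_vulnerable triggers a plugin install.
    $result = example_install_plugin_from_repo( 'filebird' );
    is_wp_error( $result ) ? wp_send_json_error( $result->get_error_message() ) : wp_send_json_success( 'installed' );
}

// --- Hardened shape ----------------------------------------------------------
add_action( 'wp_ajax_example_install_plugin', 'example_ajax_install_plugin' );
function example_ajax_install_plugin() {
    // 1. Authorization: 'install_plugins' is the core capability WordPress itself
    //    requires on the plugin-install screen (Administrators on single sites,
    //    Super Admins on multisite). wp_send_json_error() ends the request.
    if ( ! current_user_can( 'install_plugins' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }
    // 2. CSRF protection: the request must carry a nonce issued for this action
    //    (check_ajax_referer() dies on failure). Authorization alone is not enough.
    check_ajax_referer( 'example_install_plugin', 'nonce' );

    // 3. Accept only an allow-listed slug rather than arbitrary request input.
    $allowed = array( 'filebird' );
    $slug    = isset( $_POST['slug'] ) ? sanitize_key( wp_unslash( $_POST['slug'] ) ) : '';
    if ( ! in_array( $slug, $allowed, true ) ) {
        wp_send_json_error( 'unknown plugin', 400 );
    }

    $result = example_install_plugin_from_repo( $slug );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 500 );
    }
    wp_send_json_success( 'installed' );
}

// Shared install helper built on core's upgrader. It is identical in both
// versions: the defect is in the handler, not in how the install is performed.
function example_install_plugin_from_repo( $slug ) {
    require_once ABSPATH . 'wp-admin/includes/file.php';
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    require_once ABSPATH . 'wp-admin/includes/plugin-install.php';

    $api = plugins_api( 'plugin_information', array(
        'slug'   => $slug,
        'fields' => array( 'sections' => false ),
    ) );
    if ( is_wp_error( $api ) ) {
        return $api;
    }
    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    return $upgrader->install( $api->download_link );
}
```

The order of the checks matters for review: the capability check answers "may this principal do this at all", the nonce answers "did this principal intend this request", and the allow-list bounds what the endpoint can do even for an authorized caller. A handler that has the install logic but lacks the first check is exactly the condition CWE-862 names.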

Potential Impact

The primary impact of CVE-2024-12331 is unauthorized modification of the WordPress environment by users with Subscriber-level access or higher. This can lead to the installation of additional plugins without administrative approval, potentially enabling privilege escalation, persistence mechanisms, or introduction of malicious code if the installed plugins are compromised or malicious. While confidentiality and availability are not directly affected, the integrity of the WordPress site is at risk. Organizations relying on this plugin may face increased risk of site defacement, data manipulation, or further exploitation through chained vulnerabilities. The vulnerability could be exploited by insider threats or compromised low-privilege accounts. Given WordPress's widespread use globally, especially in small to medium businesses and content-driven sites, the threat surface is significant. However, the requirement for authenticated access limits exploitation to environments where user accounts are not tightly controlled or where attackers have obtained credentials.

Mitigation Recommendations

To mitigate CVE-2024-12331, organizations should immediately restrict Subscriber-level user capabilities to the minimum necessary and audit existing user accounts for suspicious activity or privilege misuse. Administrators should monitor plugin installation activities and implement logging and alerting for unauthorized plugin installations. Since no official patch is currently linked, consider temporarily disabling or removing the File Manager Pro – Filester plugin until a fix is released. Employ web application firewalls (WAFs) with custom rules to detect and block unauthorized AJAX requests targeting the 'ajax_install_plugin' function. Additionally, enforce strong authentication mechanisms such as multi-factor authentication (MFA) to reduce the risk of compromised low-privilege accounts. Regularly update WordPress core and plugins to the latest versions once patches become available. Conduct security awareness training to minimize credential compromise risks. Finally, consider isolating WordPress administrative interfaces behind VPNs or IP allowlists to reduce exposure.
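For the "monitor plugin installation activities and implement logging and alerting" recommendation, the following mu-plugin is an added example (not OffSeq's or the vendor's code). It hooks core's `upgrader_process_complete` action, which fires after any plugin install or update regardless of which code path started it, and records who performed it. The useful signal for this bug class is a completed plugin install by a user who does not hold `install_plugins`: a correctly authorized path can never produce that combination. Function and log prefix names are assumptions.

```php
<?php
/**
 * Plugin Name: Example Plugin-Install Audit
 * Description: Added example mu-plugin. Place in wp-content/mu-plugins/ so it
 *              loads before regular plugins and cannot be deactivated from the UI.
 */

// $upgrader is the WP_Upgrader instance; $hook_extra describes the operation
// (for a plugin install: array( 'type' => 'plugin', 'action' => 'install' )).
add_action( 'upgrader_process_complete', 'example_audit_plugin_install', 10, 2 );
function example_audit_plugin_install( $upgrader, $hook_extra ) {
    if ( empty( $hook_extra['type'] ) || 'plugin' !== $hook_extra['type'] ) {
        return; // themes, core and translations are out of scope here
    }

    $user       = wp_get_current_user();
    $authorized = current_user_can( 'install_plugins' );
    $via_ajax   = function_exists( 'wp_doing_ajax' ) && wp_doing_ajax();

    // Slug of what was just installed, when the upgrader reports it.
    $installed = '';
    if ( is_array( $upgrader->result ) && ! empty( $upgrader->result['destination_name'] ) ) {
        $installed = $upgrader->result['destination_name'];
    }

    $record = array(
        'time'        => gmdate( 'c' ),
        'action'      => isset( $hook_extra['action'] ) ? $hook_extra['action'] : 'unknown',
        'installed'   => $installed,
        'plugins'     => isset( $hook_extra['plugins'] ) ? $hook_extra['plugins'] : array(),
        'user_id'     => $user->ID,
        'user_login'  => $user->user_login,
        'roles'       => $user->roles,
        'authorized'  => $authorized,
        'via_ajax'    => $via_ajax,
        // The AJAX action that reached the install path, if any; useful for
        // attributing the install to a specific plugin endpoint.
        'ajax_action' => ( $via_ajax && isset( $_REQUEST['action'] ) ) ? sanitize_key( $_REQUEST['action'] ) : '',
        'remote_ip'   => isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '',
    );

    // Always write the record so every install is attributable after the fact.
    error_log( 'plugin-install-audit ' . wp_json_encode( $record ) );

    // Escalate the case that should be impossible on a correctly authorized site.
    if ( ! $authorized ) {
        wp_mail(
            get_option( 'admin_email' ),
            'Unauthorized plugin install on ' . home_url(),
            wp_json_encode( $record, JSON_PRETTY_PRINT )
        );
    }
}
```

Because the hook fires inside core's upgrader rather than inside any one plugin, it observes installs triggered through a third-party AJAX handler just as well as those started from the admin screen, which is what makes it suitable as a compensating control while no vendor fix is linked.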


Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2024-12-06T22:02:01.509Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 699f6e37b7ef31ef0b597ef6

Added to database: 2/25/2026, 9:48:39 PM

Last enriched: 2/26/2026, 5:16:31 AM

Last updated: 2/26/2026, 9:38:22 AM

