
CVE-2024-1860: CWE-862 Missing Authorization in sminozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan

Severity: Medium
Tags: Vulnerability, CVE-2024-1860, CWE-862
Published: Wed Feb 28 2024 (02/28/2024, 09:33:34 UTC)
Source: CVE
Vendor/Project: sminozzi
Product: Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan

Description

The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_add_whitelist() function in all versions up to, and including, 4.51. This makes it possible for unauthenticated attackers to add their IP address to the whitelist, circumventing protection.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/28/2026, 08:55:29 UTC

Technical Analysis

CVE-2024-1860 is a vulnerability classified under CWE-862 (Missing Authorization) in the WordPress plugin 'Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan' developed by sminozzi. The antihacker_add_whitelist() function lacks a capability check, so an unauthenticated attacker can invoke it and add their own IP address to the plugin's whitelist. The whitelist is intended to exempt trusted IPs from the plugin's protections, such as login lockdown and user enumeration blocking; an attacker whose IP is on it can run brute-force, enumeration, or other malicious activity against the site without being blocked. All versions up to and including 4.51 are affected, and no patch was available at the time of this analysis. The CVSS v3.1 score is 6.5 (medium), reflecting the network attack vector, no required privileges or user interaction, and limited impact on confidentiality and integrity with no impact on availability. Because no authentication is needed, the flaw is straightforward to exploit remotely; although no active exploitation is known, it presents a significant risk to WordPress sites relying on this plugin for security hardening.

Potential Impact

The primary impact of this vulnerability is the unauthorized modification of the plugin's whitelist, which can allow attackers to circumvent critical security protections such as login lockdown and user enumeration prevention. This can lead to increased risk of brute force attacks, credential stuffing, and reconnaissance activities against WordPress sites. Confidentiality may be compromised if attackers successfully enumerate users or gain access through brute force attempts that would otherwise be blocked. Integrity is also at risk because attackers can manipulate access controls to evade detection and restrictions. While availability is not directly impacted, successful exploitation can lead to further attacks that may degrade service or compromise the site. Organizations worldwide using this plugin are at risk of targeted or opportunistic attacks, especially those with high-value WordPress installations or sensitive data. The ease of exploitation and lack of authentication requirements increase the threat level, particularly for sites that rely heavily on this plugin for security.

Mitigation Recommendations

1. Immediately update the plugin once a patch is released by the vendor to include proper authorization checks in the antihacker_add_whitelist() function.
2. Until a patch is available, consider disabling or uninstalling the plugin to prevent exploitation.
3. Implement additional network-level protections such as web application firewalls (WAFs) to detect and block suspicious requests attempting to manipulate the whitelist.
4. Monitor WordPress logs and plugin activity for unusual IP whitelist additions or other anomalous behavior.
5. Restrict administrative access to the WordPress backend using IP whitelisting or VPNs to reduce exposure.
6. Employ multi-factor authentication (MFA) for WordPress admin accounts to mitigate the impact of brute force attacks.
7. Regularly audit plugin permissions and configurations to ensure no unauthorized changes have been made.
8. Educate site administrators about this vulnerability and encourage vigilance for suspicious activity related to login lockdown and enumeration protections.
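The class of bug described in the Technical Analysis, and the authorization check that recommendation 1 calls for, shown as an added illustration (this is not the plugin's own code, which does not appear on this page): a whitelist handler reachable by logged-out visitors with no capability check, beside a hardened form that restricts it to administrators, verifies a nonce and validates the input. The AJAX action names, the option name `antihacker_whitelist` and the `ip`/`nonce` request fields are assumptions.

```php
<?php
// Added illustration of a CWE-862 (missing authorization) pattern in a
// WordPress plugin. Not the plugin's real code; hook, option and field
// names are assumptions chosen for the example.

// Vulnerable shape: registered on wp_ajax_nopriv_* so logged-out visitors
// can reach it, and it never asks whether the caller may change settings.
// Any request can therefore append an IP to the whitelist.
function antihacker_add_whitelist_vulnerable() {
    $ip        = isset( $_POST['ip'] ) ? sanitize_text_field( wp_unslash( $_POST['ip'] ) ) : '';
    $whitelist = (array) get_option( 'antihacker_whitelist', array() );
    $whitelist[] = $ip;
    update_option( 'antihacker_whitelist', array_values( array_unique( $whitelist ) ) );
    wp_send_json_success( $whitelist );
}
add_action( 'wp_ajax_example_add_whitelist_vuln', 'antihacker_add_whitelist_vulnerable' );
add_action( 'wp_ajax_nopriv_example_add_whitelist_vuln', 'antihacker_add_whitelist_vulnerable' );

// Hardened shape: three controls the vulnerable version lacks.
function antihacker_add_whitelist_hardened() {
    // 1. Nonce: the request must originate from a form this site issued
    //    for a logged-in user (CSRF defence). Dies with 403 on failure.
    check_ajax_referer( 'antihacker_whitelist_nonce', 'nonce' );

    // 2. Capability check: the control whose absence is CVE-2024-1860.
    //    Only users allowed to manage site options may edit the whitelist.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    // 3. Input validation: only a well-formed IPv4/IPv6 address is stored.
    $ip = isset( $_POST['ip'] ) ? sanitize_text_field( wp_unslash( $_POST['ip'] ) ) : '';
    if ( false === filter_var( $ip, FILTER_VALIDATE_IP ) ) {
        wp_send_json_error( 'invalid IP address', 400 );
    }

    $whitelist   = (array) get_option( 'antihacker_whitelist', array() );
    $whitelist[] = $ip;
    update_option( 'antihacker_whitelist', array_values( array_unique( $whitelist ) ) );
    wp_send_json_success( $whitelist );
}
// Registered only on wp_ajax_* (authenticated users); no nopriv hook at all,
// so unauthenticated requests never reach the handler.
add_action( 'wp_ajax_example_add_whitelist', 'antihacker_add_whitelist_hardened' );
```

When auditing a plugin for this class of issue, the things to look for are exactly these: a `wp_ajax_nopriv_*`, `admin_post_nopriv_*` or public REST route that writes options, and a handler body with no `current_user_can()` and no nonce verification.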


Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2024-02-23T18:51:36.723Z
CISA Enriched: true

Threat ID: 682d9849c4522896dcbf6f1f

Added to database: 5/21/2025, 9:09:29 AM

Last enriched: 2/28/2026, 8:55:29 AM

Last updated: 3/24/2026, 8:33:47 PM
