CVE-2024-3812: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in ThemeNectar Salient Core
CVE-2024-3812 is a high-severity Local File Inclusion (LFI) vulnerability in the Salient Core WordPress plugin affecting all versions up to 2.0.7. It allows authenticated users with contributor-level or higher permissions to exploit the 'nectar_icon' shortcode's 'icon_linea' attribute to include and execute arbitrary files on the server. This can lead to remote code execution if PHP files can be uploaded and included, bypassing access controls and exposing sensitive data. The vulnerability requires authentication but no user interaction beyond that. No known exploits are currently reported in the wild. Organizations using the Salient Core plugin should prioritize patching or mitigating this flaw to prevent potential compromise. The CVSS score is 7.5, reflecting high impact on confidentiality, integrity, and availability.
AI Analysis
Technical Summary
CVE-2024-3812 is a Local File Inclusion vulnerability classified under CWE-98, affecting the Salient Core plugin for WordPress, specifically versions up to and including 2.0.7. The vulnerability arises from improper control of filenames used in include or require statements within the plugin's 'nectar_icon' shortcode, particularly the 'icon_linea' attribute. Authenticated attackers with contributor-level or higher permissions can manipulate this attribute to include arbitrary files from the server filesystem. If an attacker can upload PHP files (e.g., via other plugin vulnerabilities or misconfigurations), they can execute arbitrary PHP code, effectively achieving remote code execution. This flaw allows access controls to be bypassed and can lead to full compromise of the affected WordPress site. Exploitation requires network access and valid credentials with contributor or higher privileges, but no additional user interaction is needed. The vulnerability has a CVSS v3.1 base score of 7.5, indicating high severity due to its impact on confidentiality, integrity, and availability. Although no known exploits are reported in the wild, the risk is significant given WordPress's widespread use and the common presence of the Salient Core plugin on many websites. The vulnerability was publicly disclosed on May 18, 2024, and no official patch links are currently provided, emphasizing the need for immediate mitigation steps.
Potential Impact
The impact of CVE-2024-3812 is substantial for organizations using the Salient Core plugin on WordPress. Successful exploitation can lead to remote code execution, allowing attackers to execute arbitrary PHP code on the server. This can result in full site compromise, including data theft, defacement, installation of backdoors, or pivoting to other internal systems. Confidentiality is at risk due to potential data exposure, integrity is compromised by unauthorized code execution, and availability can be affected if attackers disrupt services or deploy ransomware. Since contributor-level access is sufficient, attackers may leverage compromised or weak user credentials to exploit this vulnerability. Organizations with public-facing WordPress sites using this plugin are at risk of targeted attacks, especially those in sectors with high-value data or critical web infrastructure. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the potential for future exploitation. The vulnerability's presence in all plugin versions up to 2.0.7 increases the attack surface globally.
Mitigation Recommendations
To mitigate CVE-2024-3812, organizations should first check for and apply any official patches or updates from ThemeNectar once available. In the absence of an official patch, immediate steps include restricting contributor-level permissions to trusted users only and auditing user accounts for suspicious activity. Disable or remove the Salient Core plugin if it is not essential. Implement web application firewall (WAF) rules to detect and block attempts to exploit the 'nectar_icon' shortcode parameters. Harden file upload mechanisms to prevent uploading of executable PHP files, and restrict file system permissions to limit the plugin's ability to include arbitrary files. Monitor server logs for unusual include or require calls and anomalous PHP executions. Conduct regular security assessments and vulnerability scans focused on WordPress plugins. Additionally, consider isolating WordPress instances in segmented network zones to limit lateral movement in case of compromise.
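The WAF and log-monitoring recommendations above come down to one check: the 'icon_linea' attribute of a 'nectar_icon' shortcode should only ever carry a plain icon identifier, never anything that looks like a path. The scanner below, added here as an illustration and not code from the plugin or the advisory, applies that allowlist to post content (it can equally run over captured request bodies), decoding percent-encoding first so encoded traversal is judged on its real content. The shortcode grammar, the icon-name pattern and the sample content are assumptions for the example.

```python
import re
from urllib.parse import unquote

# Assumption for this example: a legitimate icon_linea value is a bare icon identifier.
# The plugin's real icon names are not listed in the advisory, so the allowlist is a character class.
ICON_NAME_RE = re.compile(r"[A-Za-z0-9_-]+")
SHORTCODE_RE = re.compile(r"\[nectar_icon\b([^\]]*)\]", re.IGNORECASE)
ATTR_RE = re.compile(r"""icon_linea\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))""", re.IGNORECASE)


def normalize(value):
    """Percent-decode until stable (defeats double encoding), unify slashes, trim whitespace."""
    prev = None
    while prev != value:
        prev, value = value, unquote(value)
    return value.replace("\\", "/").strip()


def check_icon_linea(value):
    """Return None when the value is an acceptable icon name, otherwise a reason string."""
    v = normalize(value)
    if v == "":
        return "empty value"
    if ICON_NAME_RE.fullmatch(v):
        return None
    # Report the first character outside the allowlist; '.' or '/' is the usual tell for a path.
    bad = next(c for c in v if not ICON_NAME_RE.fullmatch(c))
    return f"disallowed character {bad!r} in icon_linea"


def scan_content(content):
    """List every nectar_icon shortcode whose icon_linea attribute fails the allowlist."""
    findings = []
    for m in SHORTCODE_RE.finditer(content):
        attr = ATTR_RE.search(m.group(1))
        if attr is None:
            continue  # no icon_linea attribute, so nothing file-related to validate
        value = next(g for g in attr.groups() if g is not None)
        reason = check_icon_linea(value)
        if reason:
            findings.append({"shortcode": m.group(0), "value": value, "reason": reason})
    return findings


# Constructed sample post content (not from the advisory): one benign shortcode, two that should be flagged.
SAMPLE_POST = (
    "<p>Intro</p>"
    '[nectar_icon icon_family="linea" icon_linea="icon-basic-anchor" color="accent"]'
    '[nectar_icon icon_linea="../../uploads/not-an-icon"]'
    "[nectar_icon icon_linea='%2e%2e/config']"
)
```

Because the check is an allowlist rather than a list of known bad strings, it flags any non-identifier value without having to anticipate each encoding or wrapper variant.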
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, India, Brazil, Japan, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2024-04-15T13:17:32.280Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6c9db7ef31ef0b566d7c
Added to database: 2/25/2026, 9:41:49 PM
Last enriched: 2/26/2026, 6:26:15 AM
Last updated: 2/26/2026, 8:08:48 AM