CVE-2024-8252 is a Local File Inclusion vulnerability classified under CWE-98, affecting the Clean Login plugin for WordPress developed by hornero. The flaw exists in all versions up to and including 1.14.5 and arises from improper control of the filename used in the include/require statement within the 'template' attribute of the clean-login-register shortcode. Authenticated attackers with Contributor-level permissions or higher can exploit this vulnerability by manipulating the 'template' parameter to include arbitrary files from the server. This inclusion allows execution of any PHP code contained within those files, effectively enabling remote code execution. The vulnerability is particularly dangerous because it can be exploited by users with relatively low privileges and does not require additional user interaction. Attackers can upload files disguised as images or other safe file types and then include these files via the vulnerable parameter to execute malicious code. This can lead to bypassing access controls, data exfiltration, and full system compromise. The CVSS v3.1 base score is 8.8, reflecting high impact on confidentiality, integrity, and availability with network attack vector, low attack complexity, and privileges required but no user interaction. Although no known exploits have been reported in the wild, the vulnerability's nature and ease of exploitation make it a critical risk for affected WordPress sites.

The impact of CVE-2024-8252 is severe for organizations using the affected Clean Login plugin on WordPress sites. Exploitation can lead to remote code execution, allowing attackers to execute arbitrary PHP code on the server. This can result in complete compromise of the web server, including unauthorized access to sensitive data, modification or deletion of content, installation of backdoors or malware, and lateral movement within the network. Since the vulnerability can be exploited by users with Contributor-level access, it lowers the barrier for attackers who may have gained limited access through other means such as phishing or weak credentials. The ability to bypass access controls and execute code without user interaction increases the risk of automated or stealthy attacks. Organizations relying on WordPress for critical business functions, e-commerce, or customer data management are particularly at risk. The widespread use of WordPress globally means that many organizations could be affected, potentially leading to data breaches, service disruptions, reputational damage, and regulatory consequences.

To mitigate CVE-2024-8252, organizations should immediately update the Clean Login plugin to a patched version once available from the vendor. Until a patch is released, administrators should consider disabling or removing the Clean Login plugin to eliminate the attack surface. Restrict Contributor-level and higher permissions to trusted users only, and audit existing user roles to minimize unnecessary privileges. Implement Web Application Firewall (WAF) rules to detect and block attempts to manipulate the 'template' parameter or suspicious file inclusion patterns. Monitor server logs for unusual file access or inclusion attempts related to the plugin. Enforce strict file upload validation and sanitization to prevent uploading of malicious PHP code disguised as safe file types. Employ security plugins that can detect and quarantine malicious files on WordPress installations. Regularly back up website data and configurations to enable recovery in case of compromise. Finally, conduct security awareness training for users with elevated privileges to reduce the risk of credential compromise.