CVE-2024-10486 Scanner - Information Disclosure vulnerability in Google for WooCommerce
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 11 days 16 hours
Scan only one: URL
Toolbox: -
Google for WooCommerce is a WordPress plugin that integrates Google services with WooCommerce-powered online stores. It helps merchants manage product listings, ads, and performance metrics across Google’s platforms directly from the WordPress dashboard. The plugin is popular among e-commerce websites aiming to enhance their visibility through Google Shopping and Ads. By bridging WooCommerce and Google Merchant Center, it simplifies ad placement and product feed management. Website administrators rely on it for automation, insights, and seamless ad campaign management. Given its integration with both WordPress and Google ecosystems, the plugin is widely adopted and regularly updated.
This scanner identifies an Information Disclosure vulnerability in Google for WooCommerce plugin versions up to and including 2.8.6. The issue stems from the presence of a publicly accessible PHP script that outputs detailed PHP and server configuration data. Unauthenticated attackers can exploit this file to gather insights about the hosting environment. Disclosed information includes PHP version, enabled extensions, server modules, and other environment-specific details. Such information can aid attackers in crafting more targeted attacks. The vulnerability does not require authentication, which significantly broadens the attack surface.
The vulnerability resides in the `print_php_information.php` script located in the plugin directory under `vendor/googleads/google-ads-php/scripts/`. This file, when accessed directly via HTTP GET requests, returns PHP configuration data akin to the output of the `phpinfo()` function. Attackers can retrieve this information simply by navigating to the file’s URL on a vulnerable site. The scanner detects this issue by making a request to the file path and confirming the presence of known `phpinfo()` output markers such as "PHP Extension" and "PHP Version". An HTTP 200 response containing these markers confirms the vulnerability.
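The matching rule described above, paired with an on-disk check a site owner can run against their own install, as an added example that is not the scanner's or the plugin's own code. It assumes that both markers must be present, that the plugin sits under the standard `wp-content/plugins/google-listings-and-ads/` directory, and that the WordPress root is `/var/www/html`; the sample responses are constructed.

```python
"""Added example: defender-side checks for the exposed print_php_information.php file."""
from pathlib import Path

# Script path from the page; plugin slug from the reference URLs.
# The wp-content/plugins prefix is the standard WordPress layout (assumption).
SCRIPT_REL = Path("wp-content/plugins/google-listings-and-ads/vendor/googleads/"
                  "google-ads-php/scripts/print_php_information.php")
MARKERS = ("PHP Extension", "PHP Version")  # phpinfo() markers named on the page


def response_is_vulnerable(status: int, body: str) -> bool:
    """Apply the detection rule: HTTP 200 and every phpinfo() marker present.

    Requiring all markers (an assumption) avoids flagging soft-404 pages
    that return 200 and happen to mention one of the strings.
    """
    return status == 200 and all(marker in body for marker in MARKERS)


def find_exposed_scripts(web_roots):
    """Return the script's path under each WordPress root where it exists on disk."""
    hits = []
    for root in web_roots:
        candidate = Path(root) / SCRIPT_REL
        if candidate.is_file():
            hits.append(candidate)
    return hits


# Constructed sample responses (not captured from a real site).
SAMPLES = {
    "phpinfo page": (200, "<tr><td>PHP Version</td><td>8.1.0</td></tr><h2>PHP Extension</h2>"),
    "soft 404": (200, "<h1>Page not found</h1> PHP Version is not shown here"),
    "blocked": (403, "Forbidden"),
}

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        print(f"{name}: vulnerable={response_is_vulnerable(status, body)}")
    # /var/www/html is an assumed WordPress root; pass your own roots here.
    for path in find_exposed_scripts(["/var/www/html"]):
        print(f"present on disk, remove or deny web access: {path}")
```

A file found on disk is worth removing or blocking at the web server even when the HTTP check returns false, since a later configuration change could make it reachable again.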
If exploited, the vulnerability may lead to indirect compromise of the system through informed attacks. Knowledge of PHP version and server modules can help an attacker choose specific exploits or identify weaknesses such as outdated libraries or misconfigurations. The exposed information may also include sensitive environment settings or paths. Though this vulnerability does not allow direct code execution, it serves as a reconnaissance vector in a broader attack chain. It weakens the system's security posture by exposing internal configurations to unauthenticated users.
REFERENCES
- https://plugins.trac.wordpress.org/browser/google-listings-and-ads/tags/2.8.6/vendor/googleads/google-ads-php/scripts/print_php_information.php
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/google-listings-and-ads/google-for-woocommerce-286-information-disclosure-via-publicly-accessible-php-info-file