CVERadar
CVE-2024-10486
Severity: Medium
SVRS: 30
CVSSv3: 5.3
EPSS: 0.00887
Tags: none
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Publication date: 2024-11-18
Last modified: 2026-04-08
Security Intelligence Brief
1. What is this vulnerability and why does it matter?
This vulnerability, identified as CVE-2024-10486, is an information disclosure flaw in the Google for WooCommerce plugin for WordPress. It matters because it allows unauthenticated attackers to access a publicly reachable file, print_php_information.php, which reveals sensitive web server and PHP configuration details. Attackers can use this information to plan and execute further, more targeted attacks against the vulnerable system.
2. What are the CVSS score, severity level, and disclosure details?
- CVSS Score: 5.3
- Severity Level: Medium
- Disclosure Details: The vulnerability was published on 2024-11-18 21:31:09 and last modified on 2026-04-08 16:57:37.
3. Which products, vendors, systems, and versions are affected?
- Vendor: Google
- Product: Google for WooCommerce plugin
- System/Platform: WordPress
- Affected Versions: All versions up to, and including, 2.8.6 are vulnerable.
4. What is the technical root cause and attack vector?
The technical root cause of this vulnerability is the unintended public accessibility of the print_php_information.php file within the Google for WooCommerce plugin. The attack vector involves an unauthenticated attacker directly requesting or navigating to this publicly exposed file. The Common Weakness Enumeration (CWE) associated with this vulnerability is CWE-862, which refers to Missing Authorization.
5. How can this vulnerability be exploited?
An unauthenticated attacker can exploit this vulnerability simply by requesting the publicly reachable print_php_information.php file within a vulnerable Google for WooCommerce plugin installation on a WordPress site. The response returns detailed web server and PHP configuration information.
6. What mitigation steps and patches are available?
To mitigate this vulnerability, update the Google for WooCommerce plugin to a version later than 2.8.6 once a patched release is available. If an immediate update is not possible, an interim mitigation is to restrict direct web access to the print_php_information.php file through web server configuration rules (for example, an Apache .htaccess rule or an Nginx location block) that deny public access to that specific file. Updating the plugin to a patched version remains the recommended and most effective fix.
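The interim web server rules mentioned above, as an added example that is not part of the CVE record or the plugin itself: a small POSIX shell script that appends an Apache 2.4 deny rule to a .htaccess file and prints an equivalent Nginx location block. It assumes Apache 2.4 "Require" syntax with AllowOverride permitting .htaccess rules, and it uses PLUGIN_DIR as a placeholder for the plugin's directory name, which the CVE record does not give.

```shell
#!/bin/sh
# Added example (not part of the CVE record or the plugin): generate interim
# web-server rules that deny direct requests to print_php_information.php
# until the plugin is updated past 2.8.6. Assumes Apache 2.4 authorization
# syntax (Require) and that AllowOverride permits .htaccess rules; the nginx
# location block is printed for inclusion in the site's server {} context.
# "PLUGIN_DIR" in the demo is a placeholder for the plugin's directory name,
# which the CVE record does not give.

EXPOSED_FILE='print_php_information.php'

# write_apache_deny_rule DIR
# Appends a <Files> block to DIR/.htaccess. <Files> matches by basename in
# DIR and every subdirectory, so placing it in the WordPress document root
# survives a plugin update that might replace the plugin's own .htaccess.
write_apache_deny_rule() {
    cat >> "$1/.htaccess" <<EOF
# CVE-2024-10486 interim mitigation: block direct access to the PHP info page
<Files "$EXPOSED_FILE">
    Require all denied
</Files>
EOF
}

# nginx_deny_snippet URI_PREFIX
# Prints an exact-match location for URI_PREFIX/print_php_information.php.
# An exact "location =" takes priority over the usual "location ~ \.php$"
# fastcgi block, and "return 404" (rather than "deny all", which answers 403)
# avoids confirming to a scanner that the file exists.
nginx_deny_snippet() {
    cat <<EOF
# CVE-2024-10486 interim mitigation: block direct access to the PHP info page
location = $1/$EXPOSED_FILE {
    return 404;
}
EOF
}

# Demo when executed directly: write the Apache rule into a scratch directory
# and print the nginx snippet.
if [ "${1:-}" = "--demo" ]; then
    scratch=$(mktemp -d)
    write_apache_deny_rule "$scratch"
    cat "$scratch/.htaccess"
    nginx_deny_snippet '/wp-content/plugins/PLUGIN_DIR'
    rm -rf "$scratch"
fi
```

Run with `--demo` to see both rules; in production, pass the document root to write_apache_deny_rule, or paste the printed Nginx block into the site's server context and reload. Either rule should be removed once the patched plugin version is installed, so it does not mask a future regression check.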
7. How can vulnerable systems be detected?
Vulnerable systems can be detected by:
- Checking the installed version of the Google for WooCommerce plugin within a WordPress installation. If the version is 2.8.6 or older, the system is vulnerable.
- Attempting to directly access the print_php_information.php file in the plugin's directory. If server and PHP configuration information is displayed without authentication, the system is vulnerable.
8. What are the indicators of compromise (IOCs)?
The provided CVE data does not specify direct Indicators of Compromise (IOCs) such as malicious file hashes, specific IP addresses, or network signatures. However, evidence of exploitation could include:
- Unexpected access logs showing requests to print_php_information.php from unfamiliar IP addresses.
- Subsequent anomalous activity on the web server or WordPress site that might indicate an attacker using the disclosed information for further compromise.
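The version check from section 7 and the access-log indicator from section 8, as an added example that is not part of the CVE record: a POSIX shell script with two functions, one comparing an installed plugin version against the last affected release (2.8.6) and one scanning an access log for requests to print_php_information.php, grouped by client IP and response status. The log lines are constructed sample data in the Apache/Nginx "combined" format, and PLUGIN_DIR is a placeholder for the plugin's directory name, which the CVE record does not give.

```shell
#!/bin/sh
# Added example (not part of the CVE record): two defender checks for
# CVE-2024-10486 in plain POSIX sh + awk.
#  1. is_vulnerable_version - compares an installed plugin version against
#     the last affected release, 2.8.6.
#  2. find_probe_sources    - scans an access log in Apache/nginx "combined"
#     format and reports, per client IP and response status, how many times
#     print_php_information.php was requested. A 200 means the configuration
#     page was actually served; a 403/404 means a deny rule or the patch held.
# "PLUGIN_DIR" in the sample log is a placeholder for the plugin's directory
# name, which the CVE record does not give.

EXPOSED_FILE='print_php_information.php'
LAST_VULNERABLE='2.8.6'

# is_vulnerable_version VERSION  -> exit status 0 if VERSION <= 2.8.6
# Compares up to three dotted numeric components, so 2.10.0 sorts above 2.8.6
# (a plain string comparison would get that wrong).
is_vulnerable_version() {
    printf '%s\n' "$1" | awk -F. -v max="$LAST_VULNERABLE" '
        {
            split(max, m, ".")
            for (i = 1; i <= 3; i++) {
                a = $i + 0; b = m[i] + 0
                if (a < b) exit 0
                if (a > b) exit 1
            }
            exit 0   # equal to 2.8.6: still affected
        }'
}

# find_probe_sources LOGFILE  -> lines of "COUNT IP STATUS", most frequent first
# In combined format $7 is the request path and $9 the status code; index()
# is used instead of a regex so the dot in the filename is matched literally.
find_probe_sources() {
    awk -v f="$EXPOSED_FILE" '
        index($7, f) { hits[$1 " " $9]++ }
        END { for (k in hits) print hits[k], k }' "$1" | sort -rn
}

# make_sample_log PATH  -> writes constructed log lines for a dry run
make_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.5 - - [18/Nov/2024:22:01:03 +0000] "GET /wp-content/plugins/PLUGIN_DIR/print_php_information.php HTTP/1.1" 200 51234 "-" "curl/8.4.0"
203.0.113.5 - - [18/Nov/2024:22:01:09 +0000] "GET /wp-login.php HTTP/1.1" 200 4321 "-" "curl/8.4.0"
203.0.113.5 - - [18/Nov/2024:22:05:41 +0000] "GET /wp-content/plugins/PLUGIN_DIR/print_php_information.php HTTP/1.1" 200 51234 "-" "curl/8.4.0"
198.51.100.7 - - [19/Nov/2024:03:14:15 +0000] "GET /wp-content/plugins/PLUGIN_DIR/print_php_information.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.0.2.44 - - [19/Nov/2024:08:00:00 +0000] "GET /shop/ HTTP/1.1" 200 8890 "https://shop.example/" "Mozilla/5.0"
EOF
}

# Dry run against the constructed log when executed directly.
if [ "${1:-}" = "--demo" ]; then
    log=$(mktemp)
    make_sample_log "$log"
    for v in 2.8.6 2.8.7; do
        if is_vulnerable_version "$v"; then echo "$v: affected"; else echo "$v: not affected"; fi
    done
    find_probe_sources "$log"
    rm -f "$log"
fi
```

Run with `--demo` for the dry run; in practice, point find_probe_sources at the real access log (and rotated copies) and feed is_vulnerable_version the version reported by the WordPress plugin list. A client that received a 200 for the file should be treated as having the disclosed configuration and its later requests reviewed for the follow-on activity described in section 8.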
9. Which threat actors are known to exploit this vulnerability?
The provided CVE data does not specify any particular threat actors or groups known to be exploiting this vulnerability.
10. What public intelligence references and advisories exist?
- CVE Identifier: CVE-2024-10486
- CWE: CWE-862 (Missing Authorization)
- Further details are typically found in the official CVE record, vendor advisories (if issued by Google or WordPress), and security bulletins from organizations tracking WordPress plugin vulnerabilities.
11. What is the risk assessment and urgency level?
This vulnerability carries a Medium risk level, as indicated by its CVSS score of 5.3. Although it is an information disclosure flaw, which by itself does not allow remote code execution, the disclosed web server and PHP configuration information is valuable to an attacker performing reconnaissance: it can reveal software versions, loaded modules, and settings that may be affected by other, more severe vulnerabilities. The urgency of patching or mitigating is therefore Moderate to High, especially for public-facing WordPress sites, since unauthenticated access significantly lowers the bar for exploitation.