# CVE-2021-4374 Testing Environment
Docker-based testing environment for validating the Nuclei template detecting **CVE-2021-4374** (WordPress Automatic Plugin - Broken Access Control vulnerability).
## Overview
This repository provides a complete, reproducible testing environment for security researchers and template developers to validate the CVE-2021-4374 Nuclei template against a real vulnerable WordPress installation.
### Vulnerability Details
- **CVE ID:** CVE-2021-4374
- **Plugin:** WP Automatic ≤ 3.53.2
- **Severity:** Critical (CVSS 9.8)
- **Type:** Broken Access Control (CWE-862)
- **Impact:** Unauthenticated attackers can modify arbitrary WordPress options
## Features
✅ **Real Environment** - Actual WordPress + vulnerable plugin (not mock)
✅ **Isolated** - Docker containers for safe testing
✅ **Reproducible** - Consistent environment across systems
✅ **Documented** - Complete test outputs and validation
✅ **Fast Setup** - One command to start
## Quick Start
### Prerequisites
- Docker (v20.10+)
- Docker Compose (v1.29+ or v2.x)
- Nuclei (latest version)
### Setup
1. **Clone the repository**
```bash
git clone <your-repo-url>
cd CVE-2021-4374-Testing-Package
```
2. **Start the environment**
```bash
./start.sh
```
This will:
- Start WordPress 5.8 with MySQL 5.7
- Install and activate WP Automatic plugin v3.53.2
- Configure everything automatically
3. **Test the template**
```bash
nuclei -t <path-to-template>/CVE-2021-4374.yaml -u http://localhost:8080 -v
```
## Usage
### Basic Commands
```bash
# Start environment
./start.sh
# Stop environment (preserve data)
./stop.sh
# Stop and remove all data
docker compose down -v
# View logs
docker compose logs -f wordpress
# Quick command reference
./QUICK-COMMANDS.sh
```
### WordPress Access
- **URL:** http://localhost:8080/wp-admin
- **Username:** admin
- **Password:** NucleiTest2025!
### Testing Commands
```bash
# Validate template
nuclei -t CVE-2021-4374.yaml -validate
# Test for vulnerability
nuclei -t CVE-2021-4374.yaml -u http://localhost:8080 -v
# Debug mode (see full request/response)
nuclei -t CVE-2021-4374.yaml -u http://localhost:8080 -debug
# False positive test
nuclei -t CVE-2021-4374.yaml -u https://example.com -v
# Manual verification
curl -X POST http://localhost:8080/wp-content/plugins/wp-automatic/process_form.php \
-d "action=update_settings&wp_automatic_option=test"
```
## Test Results
See **[output.md](output.md)** for complete test outputs including:
- Template validation results
- Vulnerability detection (TRUE POSITIVE)
- Debug mode with full HTTP request/response
- False positive tests
- Manual verification
- Environment status
**Summary:**
- ✅ Vulnerability detected successfully
- ✅ No false positives
- ✅ Performance: ~21ms per scan
- ✅ All tests passed
## Architecture
```
CVE-2021-4374-Testing-Package/
├── README.md # This file
├── output.md # Complete test outputs
├── docker-compose.yml # Docker configuration
├── start.sh # Environment startup script
├── stop.sh # Environment shutdown script
├── QUICK-COMMANDS.sh # Command reference
├── SETUP-INSTRUCTIONS.md # Detailed setup guide
└── vulnerable-plugin/ # WP Automatic plugin
└── wp-automatic/
├── wp-automatic.php # Plugin main file
├── process_form.php # Vulnerable file (CVE-2021-4374)
└── readme.txt # Plugin info
```
## Security Notes
⚠️ **This environment contains a known vulnerability**
**For use only in:**
- Security research
- Template testing
- Educational purposes
- Controlled lab environments
**DO NOT:**
- Expose to the internet
- Use in production
- Test against unauthorized targets
## Troubleshooting
### Plugin Not Found (404)
```bash
docker cp ./vulnerable-plugin/wp-automatic wp-automatic-wordpress:/var/www/html/wp-content/plugins/
docker compose restart
```
### WordPress Not Loading
```bash
docker compose restart
sleep 60
curl http://localhost:8080
```
### Port 8080 Already in Use
Edit `docker-compose.yml` and change the port:
```yaml
ports:
- "9090:80" # Change 8080 to any available port
```
See **[SETUP-INSTRUCTIONS.md](SETUP-INSTRUCTIONS.md)** for more troubleshooting.
## Environment Details
| Component | Version |
|-----------|---------|
| WordPress | 5.8 |
| MySQL | 5.7 |
| PHP | 7.4.27 |
| Apache | 2.4.51 |
| WP Automatic | 3.53.2 (vulnerable) |
## Validation Results
The template has been validated with:
- ✅ Syntax validation passed
- ✅ TRUE POSITIVE: Detects vulnerable installations
- ✅ FALSE NEGATIVE: None
- ✅ FALSE POSITIVE: None (tested against example.com)
- ✅ Performance: 21-24ms per scan
## Contributing
Issues and improvements are welcome! Please:
1. Test your changes
2. Document any modifications
3. Follow security best practices
## References
- [CVE-2021-4374 on NVD](https://nvd.nist.gov/vuln/detail/CVE-2021-4374)
- [Security Advisory](https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-automatic-plugin/)
- [WPScan Database](https://wpscan.com/plugin/wp-automatic)
- [Nuclei Documentation](https://docs.projectdiscovery.io/)
## License
This testing environment is provided for educational and security research purposes only. Use responsibly and ethically.
## Disclaimer
This is a **minimal recreation** of the vulnerable plugin components for testing purposes. It is **NOT** the actual commercial WP Automatic plugin. The recreation contains only the necessary code to demonstrate CVE-2021-4374.
All testing should be conducted in controlled environments with proper authorization.
---
**Author:** pranjal-negi
**Date:** 2025-11-10
**Status:** Validated and Production-Ready
[4.0K] /data/pocs/7f974242a9d958a1ac186d6fe0f614a870bf8926
├── [ 944] docker-compose.yml
├── [8.0K] output.md
├── [5.8K] README.md
├── [4.7K] SETUP-INSTRUCTIONS.md
├── [3.6K] start.sh
├── [ 922] stop.sh
└── [4.0K] vulnerable-plugin
├── [2.7K] process_form.php
├── [1.3K] readme.txt
├── [4.0K] wp-automatic
│ ├── [2.7K] process_form.php
│ └── [1.3K] readme.txt
└── [1.1K] wp-automatic.php
3 directories, 11 files