A critical remote code execution vulnerability has been identified in the Sneeit Framework plugin for WordPress. This flaw allows unauthenticated attackers to take complete control of an affected website by executing arbitrary code, potentially leading to data theft, website defacement, or the installation of malicious backdoors. Due to the high severity and ease of exploitation, immediate remediation is required to prevent a compromise.

The vulnerability exists within the sneeit_articles_pagination_callback() function. This function improperly handles user-supplied input by passing it directly to the call_user_func() PHP function without sufficient sanitization. An unauthenticated attacker can craft a malicious request that leverages this flaw to call arbitrary PHP functions on the server, such as system() or shell_exec(), allowing them to execute operating system commands with the privileges of the web server process.

This vulnerability is rated as critical severity with a CVSS score of 9.8, posing a significant and immediate threat to the business. Successful exploitation could lead to a full server compromise, resulting in the theft of sensitive customer data, intellectual property, and payment information. Attackers could deface the website, inject malware to attack site visitors, create rogue administrative accounts, or use the compromised server as a pivot point for further attacks on the internal network. Such an incident would cause severe reputational damage, loss of customer trust, and potential financial and legal repercussions.

Immediate Action: Immediately update the Sneeit Framework plugin to the latest version provided by the vendor, which addresses this vulnerability. After patching, it is crucial to review the WordPress installation for any signs of compromise, such as new administrative users, unexpected files, or suspicious scheduled tasks.

Proactive Monitoring: Monitor web server access logs for unusual requests to WordPress's AJAX handler (admin-ajax.php) that reference the sneeit_articles_pagination_callback action. Scrutinize logs for payloads attempting to call suspicious functions like system, exec, passthru, shell_exec, or eval. Monitor for unexpected outbound network connections from the web server and use file integrity monitoring to detect unauthorized changes to core WordPress or plugin files.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules specifically designed to block malicious payloads targeting the call_user_func() function in this plugin. As a last resort, disable the Sneeit Framework plugin until it can be safely updated.

Public Exploit Available: false

Given the critical CVSS score of 9.8 and the unauthenticated nature of this remote code execution vulnerability, we recommend treating this as an emergency. Organizations must apply the vendor-supplied patch to all affected WordPress instances immediately. Due to the high likelihood of future exploitation, this vulnerability should be prioritized above all other routine patching activities to prevent a complete system compromise.