
Exploit for WordPress Plugin Automatic < 3.92.1 - Unauthenticated Server-Side Request Forgery (CVE-2024-27954)

Description:

The WordPress Automatic plugin in versions before 3.92.1 is vulnerable to unauthenticated Arbitrary File Download and Server-Side Request Forgery (SSRF). The flaw is located in the plugin's downloader.php file and lets an unauthenticated attacker make the site fetch and return any file it can reach, so sensitive data such as login credentials (for example the database credentials in wp-config.php) and backup files could fall into the wrong hands. This vulnerability has been patched in version 3.92.1.
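The bug class the advisory describes, as an added example and not code from the Automatic plugin or from this exploit page: a download endpoint that fetches whatever link the client supplies (the vulnerable pattern) next to the same endpoint with the checks that close both the arbitrary-file-read path (non-HTTP schemes such as file://) and the SSRF path (hosts that resolve to loopback, RFC 1918 or link-local addresses). The function names, the fake DNS table, the addresses and the sample links are assumptions made up for this example so that it runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-in for DNS so the example runs offline (hostname -> IP).
# Names and addresses are made up for this example.
FAKE_DNS = {
    "cdn.example.com": "93.184.216.34",     # public address, a legitimate source
    "intranet.example.com": "10.0.0.5",     # RFC 1918, reachable only from the server
    "metadata": "169.254.169.254",          # link-local cloud metadata endpoint
}


def vulnerable_download_target(link):
    """The bug class from the advisory: the link is used exactly as the
    client sent it, so file:///.../wp-config.php is read from disk and
    http://10.0.0.5/ is fetched from the server's own network."""
    return link


def resolve(host, dns=FAKE_DNS):
    """Return the IP a host resolves to; IP literals resolve to themselves."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    if host not in dns:
        raise ValueError("unresolvable host: %s" % host)
    return dns[host]


def hardened_download_target(link, allowed_hosts=None, dns=FAKE_DNS):
    """Validate a user-supplied download link before anything is fetched.

    Rejects non-HTTP schemes (no file://, gopher://, ...), userinfo tricks
    such as http://trusted@internal/, hosts outside an optional allowlist,
    and any host that resolves to a non-public address. Returns the
    normalised URL on success, raises ValueError otherwise."""
    parts = urlsplit(link)
    if parts.scheme.lower() not in ("http", "https"):
        raise ValueError("scheme not allowed: %r" % parts.scheme)
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in URL not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    if allowed_hosts is not None and host not in allowed_hosts:
        raise ValueError("host not in allowlist: %s" % host)
    addr = ipaddress.ip_address(resolve(host, dns))
    if not addr.is_global:
        raise ValueError("host resolves to non-public address %s" % addr)
    return parts.geturl()


def triage(links, **kwargs):
    """Run candidate links through the hardened check and report each verdict."""
    report = {}
    for link in links:
        try:
            hardened_download_target(link, **kwargs)
            report[link] = "allowed"
        except ValueError as exc:
            report[link] = "blocked (%s)" % exc
    return report


# Constructed sample links: one legitimate download plus the kinds of
# values an attacker would send to a downloader endpoint.
SAMPLE_LINKS = [
    "https://cdn.example.com/plugin.zip",
    "file:///var/www/html/wp-config.php",
    "http://intranet.example.com/backup.sql",
    "http://metadata/latest/meta-data/",
    "http://127.0.0.1:8080/admin",
    "http://cdn.example.com@intranet.example.com/",
]

if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS).items():
        print("%-48s %s" % (link, verdict))
```

Two things the check above cannot do on its own: the actual fetch must either disable redirects or re-run the validation on every Location it follows, and it must connect to the address that was validated rather than resolving the name a second time, otherwise a rebinding DNS answer gets past the IP check. When the set of legitimate sources is known, the allowlist is the stronger control and the address check is the backstop.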

Affected Products:

WordPress Automatic plugin, all versions before 3.92.1 (fixed in 3.92.1).

Proof of Concept


Nuclei Template

Template: CVE-2024-27954.yaml (http/cves/2024/CVE-2024-27954.yaml in the nuclei-templates repository).

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-27954.yaml

URL is the base URL of the WordPress site under test. The template path assumes the default nuclei-templates checkout in your home directory; if the templates live elsewhere, nuclei -u "$URL" -id CVE-2024-27954 selects the same template by its ID.

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-27954
https://wpscan.com/vulnerability/53b97401-1352-477b-a69a-680b01ef7266/
https://securityonline.info/40000-sites-exposed-wordpress-plugin-update-critical-cve-2024-27956-cve-2024-27954/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27954