daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2024-27954.yaml

patch-1
Ritik Chaddha 2024-03-22 21:13:51 +05:30 committed by GitHub
parent 6b95b67b09
commit 0e6e1450ec
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
http/cves/2024/CVE-2024-27954.yaml
View File

@ -1,14 +1,19 @@
id: CVE-2024-27954
info:
name: WordPress Automatic plugin - Arbitrary File Download and SSRF
name: WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and SSRF
author: iamnoooob,rootxharsh,pdresearch
severity: critical
description: |
Unauthenticated Arbitrary File Download and SSRF. Located in the downloader.php file, this vulnerability also discovered by Rafie Muhammad, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. Thankfully, this vulnerability too has been patched in version 3.92.1.
WordPress Automatic plugin <3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This vulnerability has been patched in version 3.92.1.
reference:
- https://securityonline.info/40000-sites-exposed-wordpress-plugin-update-critical-cve-2024-27956-cve-2024-27954/#google_vignette
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27954
classification:
cve-id: CVE-2024-27954
metadata:
max-request: 1
verified: true
tags: cve,cve2024,wp,wordpress,wp-plugin,lfi,ssrf
http: