CVE-2024-12583

CRITICAL LAB

Dynamics 365 Integration plugin - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-12583. PoCs published by pouriam23.

AI-analyzed exploit summary: The repository contains only a docker-compose.yml file for setting up a WordPress environment, with no exploit code or technical details about CVE-2024-12583. It appears to be a placeholder or setup for testing but lacks any functional exploit or analysis.

Description

The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.

Exploits (1)

nomisec STUB
by pouriam23 · poc
https://github.com/pouriam23/CVE-2024-12583


Classification: Stub 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: WordPress (version unspecified)
No auth needed
Prerequisites: Docker environment
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3: 9.9
EPSS: 0.0137
EPSS Percentile: 68.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Lab Environment

COMMUNITY SUSPICIOUS
Community Lab
docker pull wordpress:latest

Details

CWE: CWE-1336
Status: published
Products (1): alexacrm/Dynamics 365 Integration < 1.3.23
Published: Jan 04, 2025
Tracked Since: Feb 18, 2026