CVE-2024-27954

CRITICAL EXPLOITED NUCLEI

WP Automatic <3.92.0 - Path Traversal

Title source: llm

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery. This issue affects Automatic: from n/a through 3.92.0.

Exploits (4)

nomisec WORKING POC 4 stars
by gh-ost00 · remote
https://github.com/gh-ost00/CVE-2024-27954
nomisec WRITEUP 1 stars
by chsxthwik · poc
https://github.com/chsxthwik/CVE-2024-27954
nomisec WORKING POC
by r0otk3r · infoleak
https://github.com/r0otk3r/CVE-2024-27954
vulncheck_xdb SCANNER
infoleak
https://github.com/Quantum-Hacker/CVE-2024-27954

Nuclei Templates (1)

WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and SSRF
CRITICAL VERIFIED by iamnoooob, rootxharsh, pdresearch

Scores

CVSS v3 9.3
EPSS 0.9278
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

Details

VulnCheck KEV 2024-03-29
CWE
CWE-22
Status published
Products (1)
WP Automatic/Automatic < 3.92.0
Published May 17, 2024
Tracked Since Feb 18, 2026