CVE-2024-27954

CRITICAL EXPLOITED NUCLEI

WP Automatic <= 3.92.0 - Path Traversal


Exploitation Summary

CVE-2024-27954 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 4 public exploits from researchers including gh-ost00, chsxthwik, r0otk3r. A Nuclei detection template is also available.

AI-analyzed exploit summary: the top-ranked repository (gh-ost00) contains a functional exploit targeting the WP Automatic WordPress plugin that creates an administrator user via SQL injection. Two caveats for readers: CVE-2024-27954 itself is a path traversal / SSRF bug (arbitrary file read through the plugin's downloader), and a traversal does not create users, so the SQL injection is a different primitive; and the "remote code execution" label reflects what an attacker can do once holding a WordPress administrator account (for example uploading a plugin), not code execution obtained from the traversal directly.

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic's Automatic plugin allows Path Traversal and Server Side Request Forgery. This issue affects Automatic from n/a through 3.92.0 (every release up to and including 3.92.0; fixed in 3.92.1).

Exploits (4)

nomisec WORKING POC 4 stars
by gh-ost00 · remote
https://github.com/gh-ost00/CVE-2024-27954

This repository contains a functional exploit for CVE-2024-27954, targeting the WP Automatic WordPress plugin. The exploit creates an administrator user via SQL injection (a different primitive from the path traversal that CVE-2024-27954 describes); the analysis classifies it as RCE because a WordPress administrator account leads to code execution, for example by uploading a plugin.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WP Automatic WordPress plugin (versions up to 3.92.0)
Authentication: none needed
Prerequisites: Target must have the vulnerable WP Automatic plugin installed · Target must be accessible via HTTP/HTTPS
devstral-2 · analyzed Feb 16, 2026
nomisec WRITEUP 1 star
by chsxthwik · poc
https://github.com/chsxthwik/CVE-2024-27954

This repository provides a writeup and detection queries for CVE-2024-27954, a path traversal and SSRF vulnerability in the WP Automatic plugin up to version 3.92.0. It includes installation instructions and Nuclei template usage for scanning.

Classification: Writeup (90%)
Attack Type: SSRF | Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: WP Automatic plugin <= 3.92.0
Authentication: none needed
Prerequisites: Access to the target WordPress site with the WP Automatic plugin installed
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC
by r0otk3r · infoleak
https://github.com/r0otk3r/CVE-2024-27954

This repository contains a Python-based scanner for CVE-2024-27954, which it describes as an LFI vulnerability in the WordPress wp-automatic plugin (more precisely an arbitrary file read: the plugin's downloader accepts a `file://` URL). The script tests for file disclosure via the `file://` scheme and supports multithreaded scanning with proxy and output options.

Classification: Working PoC | Scanner (95%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: WordPress wp-automatic plugin
Authentication: none needed
Prerequisites: Target running the vulnerable wp-automatic plugin · Network access to the target
devstral-2 · analyzed Feb 16, 2026
vulncheck_xdb SCANNER
infoleak
https://github.com/Quantum-Hacker/CVE-2024-27954

The repository contains a Nuclei template for detecting CVE-2024-27954, a path traversal and SSRF vulnerability in the WP Automatic plugin. The template sends a crafted request to download /etc/passwd and checks for a successful response.

Classification: Scanner (90%)
Attack Type: SSRF
Complexity: Trivial
Reliability: Reliable
Target: WP Automatic plugin <3.92.1
Authentication: none needed
Prerequisites: Target running WP Automatic plugin <3.92.1
devstral-2 · analyzed Feb 25, 2026
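The r0otk3r scanner and the Nuclei template listed above probe for the bug by asking the plugin's downloader to fetch a `file://` URL, and the chsxthwik repository ships detection queries. As an added example (not code from any of these repositories, from the plugin's authors, or from this page), the following Python script applies the same idea on the defensive side: it parses combined-format web-server access logs, URL-decodes each request target repeatedly (double encoding is a common filter bypass), and flags requests that hand a local-file or SSRF scheme (`file://`, `php://`, `gopher://`, `dict://`) or a `../` traversal sequence to a query parameter, raising severity when the request refers to the plugin. The plugin slug `wp-automatic` comes from this page; treating a `wp_automatic` query parameter as plugin context is an assumption about the plugin's front-end handler, not something the page states, and the log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache/nginx "combined" log format, with the fields this check needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# URL schemes that turn a server-side "download this link" feature into a
# local file read (file://, php://) or an SSRF pivot (gopher://, dict://).
LOCAL_SCHEMES = ("file://", "php://", "gopher://", "dict://")

# A ".." segment bounded by slashes/backslashes or by the string ends.
TRAVERSAL_RE = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")

# "wp-automatic" is the plugin slug named on this page. Treating a
# "wp_automatic" query parameter as plugin context is an ASSUMPTION about the
# plugin's front-end request handler, not something the page states.
PLUGIN_SLUG = "wp-automatic"
PLUGIN_PARAM = "wp_automatic"


def fully_decode(s, max_rounds=3):
    """Undo repeated percent-encoding (attackers double-encode to dodge naive filters)."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def analyze_request(target):
    """Return (severity, reasons) for one request target; severity is None when clean."""
    decoded = fully_decode(target)
    parts = urlsplit(decoded)
    params = parse_qsl(parts.query, keep_blank_values=True)
    reasons = []
    for key, value in params:
        v = value.strip().lower()
        if v.startswith(LOCAL_SCHEMES):
            reasons.append(f"param {key}: {v.split('://', 1)[0]}:// scheme handed to a URL parameter")
        if TRAVERSAL_RE.search(value):
            reasons.append(f"param {key}: '..' traversal sequence")
    if TRAVERSAL_RE.search(parts.path):
        reasons.append("path: '..' traversal sequence")
    if not reasons:
        return None, []
    plugin_context = (PLUGIN_SLUG in parts.path.lower()
                      or any(k.lower() == PLUGIN_PARAM for k, _ in params))
    if plugin_context:
        reasons.append("request is addressed to the wp-automatic plugin")
        return "high", reasons
    return "medium", reasons


def scan_access_log(text):
    """Parse combined-format log text; return one finding dict per suspicious line."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not in combined format; skip rather than guess
        severity, reasons = analyze_request(m["target"])
        if severity:
            findings.append({
                "ip": m["ip"], "time": m["time"], "status": int(m["status"]),
                "target": m["target"], "severity": severity, "reasons": reasons,
            })
    return findings


# Constructed sample log lines (not real traffic). Line 1 double-encodes the
# file:// link, line 2 sends a traversal sequence to the plugin directory,
# line 3 passes file:// to an unrelated search parameter, line 4 is benign.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:11:02:13 +0000] "GET /?wp_automatic=download&link=file%253A%252F%252F%252Fetc%252Fpasswd HTTP/1.1" 200 2315
203.0.113.7 - - [10/Mar/2024:11:02:20 +0000] "GET /wp-content/plugins/wp-automatic/?link=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 1123
198.51.100.4 - - [10/Mar/2024:11:03:01 +0000] "GET /?s=file://share HTTP/1.1" 200 9981
192.0.2.9 - - [10/Mar/2024:11:03:40 +0000] "GET /wp-login.php HTTP/1.1" 200 4312
"""

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['ip']} {f['target']} -> {'; '.join(f['reasons'])}")
```

The check is a heuristic: a 200 status on a flagged line does not prove the read succeeded, so correlate with response size and with the plugin version actually installed, and remember that sites behind a CDN or reverse proxy log the proxy address unless `X-Forwarded-For` is recorded.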

Nuclei Templates (1)

WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and SSRF
CRITICAL · VERIFIED · by iamnoooob, rootxharsh, pdresearch

Scores

CVSS v3 9.3
EPSS 0.7295
EPSS Percentile 99.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

VulnCheck KEV 2024-03-29
CWE
CWE-22
Status published
Products (1)
WP Automatic/Automatic <= 3.92.0
Published May 17, 2024
Tracked Since Feb 18, 2026