CVE-2024-33644

CRITICAL

WPCustomify Customify Site Library <0.0.9 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-33644. PoCs published by Akshath-Nagulapally.

AI-analyzed exploit summary The repository contains only a README file with a brief description of reproducing CVEs using Docker, but no actual exploit code or technical details are provided.

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify Site Library allows Code Injection.This issue affects Customify Site Library: from n/a through 0.0.9.

Exploits (1)

nomisec STUB

by Akshath-Nagulapally · poc

https://github.com/Akshath-Nagulapally/ReproducingCVEs_Akshath_Nagulapally

View Code ZIP pw:eip

The repository contains only a README file with a brief description of reproducing CVEs using Docker, but no actual exploit code or technical details are provided.

Classification

Stub 90%

Attack Type

Other

Complexity

Theoretical

Reliability

Theoretical

Target: unspecified

No auth needed

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory vdb-entry

https://patchstack.com/database/vulnerability/customify-sites/wordpress-customify-site-library-plugin-0-0-9-remote-code-execution-rce-vulnerability?_s_id=cve

Scores

CVSS v3 9.9

EPSS 0.0111

EPSS Percentile 61.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-94

Status published

Products (1)

WPCustomify/Customify Site Library < 0.0.9

Published May 17, 2024

Tracked Since Feb 18, 2026