CVE-2024-3552

Tags: CRITICAL · NUCLEI · LAB

Web Directory Free WP <1.7.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-3552. Both PoCs were published by KiPhuong. A Nuclei detection template is also available.

AI-analyzed exploit summary:

This repository provides a Docker-based challenge environment for CVE-2024-3552, simulating a vulnerable WordPress setup with the Akismet plugin. The exploit likely targets a vulnerability in the Akismet plugin, though the specific exploit code is not directly visible in the provided files.

Description

The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based.

Exploits (2)

nomisec · WORKING POC
by KiPhuong · poc
https://github.com/KiPhuong/challenge-cve-2024-3552


Classification: Working PoC (90%)
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: WordPress with Akismet plugin
Authentication: No auth needed
Prerequisites: Docker environment · WordPress 5.8 · Akismet plugin
Analyzed by devstral-2 · Feb 18, 2026
nomisec · WRITEUP
by KiPhuong · poc
https://github.com/KiPhuong/cve-2024-3552

This repository provides a detailed technical analysis of CVE-2024-3552, a SQL Injection vulnerability in the Web Directory Free WordPress plugin before version 1.7.0. It includes a root cause analysis, proof-of-concept payloads, and sqlmap verification, demonstrating the vulnerability in the `w2dc_ajax_controller` class's `get_map_marker_info` function.

Classification: Writeup (95%)
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Web Directory Free WordPress Plugin < 1.7.0
Authentication: No auth needed
Prerequisites: WordPress installation with vulnerable plugin version · Access to the WordPress admin-ajax.php endpoint
Analyzed by devstral-2 · Feb 18, 2026

Nuclei Templates (1)

Web Directory Free < 1.7.0 - SQL Injection
CRITICAL · VERIFIED · by s4e-io

References (1)

Core References (1)
Type: Exploit, Third Party Advisory (exploit, vdb-entry, technical-description)
https://wpscan.com/vulnerability/34b03ee4-de81-4fec-9f3d-e1bd5b94d136/

Scores

CVSS v3.1 base score: 9.8
EPSS score: 0.6729
EPSS percentile: 99.2%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-89
Status: published
Products (1): salephpscripts/web_directory_free < 1.7.0
Published: Jun 13, 2024
Tracked Since: Feb 18, 2026