CVE-2024-3673

CRITICAL NUCLEI

Web Directory Free <1.7.3 - Code Injection

Title source: llm

Description

The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues.

Exploits (3)

github WORKING POC 40 stars

by iSee857 · pythonpoc

https://github.com/iSee857/CVE-PoC/tree/main/WordPress_WebDirectoryFree(CVE-2024-3673).py

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by Nxploited · poc

https://github.com/Nxploited/CVE-2024-3673

View Code ZIP pw:eip

github WORKING POC

by Boshe99 · pythonpoc

https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2024-3673

View Code ZIP pw:eip

Nuclei Templates (1)

Web Directory Free < 1.7.3 - Local File Inclusion

CRITICALVERIFIEDby s4e-io

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/0e8930cb-e176-4406-a43f-a6032471debf/

Scores

CVSS v3 9.1

EPSS 0.9204

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Classification

Status published

Affected Products (1)

salephpscripts/web_directory_free < 1.7.3

Timeline

Published Aug 30, 2024

Tracked Since Feb 18, 2026