CVE-2024-45712

LOW

SolarWinds Serv-U < 15.5.1 - Authenticated Stored Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-45712. PoCs published by tdawg506, Teexo.

AI-analyzed exploit summary: This repository contains a Python-based scanner for detecting WooCommerce installations and testing for CVE-2024-45712, an unauthenticated privilege escalation vulnerability. It checks for the WooCommerce REST API, attempts version detection, and tests for vulnerability by creating a test order.

Description

SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low.

Exploits (2)

nomisec SCANNER
by tdawg506 · poc
https://github.com/tdawg506/woocommerce_scanner

This repository contains a Python-based scanner for detecting WooCommerce installations and testing for CVE-2024-45712, an unauthenticated privilege escalation vulnerability. It checks for the WooCommerce REST API, attempts version detection, and tests for vulnerability by creating a test order.

Classification: Scanner 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: WooCommerce (WordPress plugin)
No auth needed
Prerequisites: WooCommerce REST API enabled · WooCommerce version vulnerable to CVE-2024-45712
devstral-2 · analyzed May 10, 2026

nomisec SCANNER
by Teexo · poc
https://github.com/Teexo/woocommerce_scanner

This repository contains a Python-based scanner for detecting WooCommerce installations and testing for CVE-2024-45712, an unauthenticated privilege escalation vulnerability. It checks for the WooCommerce REST API, attempts version detection, and tests for vulnerability by creating a test order.

Classification: Scanner 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: WooCommerce (WordPress plugin)
No auth needed
Prerequisites: Target must have WooCommerce REST API enabled · Target must be vulnerable to CVE-2024-45712
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3: 2.6
EPSS: 0.0031
EPSS Percentile: 22.5%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (1): solarwinds/serv-u < 15.5.1
Published: Apr 15, 2025
Tracked Since: Feb 18, 2026