CVE-2024-54330

HIGH NUCLEI

Hurrakify <= 2.4 - Server-Side Request Forgery

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-54330. PoCs published by RandomRobbieBF. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a proof-of-concept for an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the Hurrakify WordPress plugin (versions up to and including 2.4). The PoC demonstrates how an attacker can exploit the plugin to make arbitrary web requests from the server.

Description

Server-Side Request Forgery (SSRF) vulnerability in hurraki Hurrakify hurrakify allows Server Side Request Forgery.This issue affects Hurrakify: from n/a through <= 2.4.

Exploits (1)

nomisec WORKING POC
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2024-54330

This repository contains a proof-of-concept for an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the Hurrakify WordPress plugin (versions up to and including 2.4). The PoC demonstrates how an attacker can exploit the plugin to make arbitrary web requests from the server.

Classification
Working Poc 90%
Attack Type
Ssrf
Complexity
Trivial
Reliability
Reliable
Target: Hurrakify WordPress plugin <= 2.4
No auth needed
Prerequisites: Access to the target WordPress site with the vulnerable Hurrakify plugin installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Hurrakify <= 2.4 - Server-Side Request Forgery
HIGHVERIFIEDby s4e-io
Shodan: http.html:"wp-content/plugins/hurrakify"
FOFA: body="wp-content/plugins/hurrakify"

References (2)

Core 2

Scores

CVSS v3 7.2
EPSS 0.7253
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-918
Status published
Products (2)
Hep Hep Hurra (HHH)/Hurrakify < 2.4
hurraki/Hurrakify < 2.4
Published Dec 13, 2024
Tracked Since Feb 18, 2026