CVE-2024-54374

HIGH

Sogrid <= 1.5.6 - PHP Local File Inclusion via Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-54374. PoCs published by RandomRobbieBF.

AI-analyzed exploit summary The repository provides a description and proof-of-concept for CVE-2024-54374, an unauthenticated Local File Inclusion vulnerability in the Sogrid WordPress plugin (versions up to 1.5.6). The PoC demonstrates the ability to include arbitrary files within a specific directory, though it notes the limitation of only loading files inside `/wp-content/plugins/sogrid/src/admin-panel/views/`.

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sabri Sogrid sogrid allows PHP Local File Inclusion.This issue affects Sogrid: from n/a through <= 1.5.6.

Exploits (1)

nomisec WRITEUP
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2024-54374

The repository provides a description and proof-of-concept for CVE-2024-54374, an unauthenticated Local File Inclusion vulnerability in the Sogrid WordPress plugin (versions up to 1.5.6). The PoC demonstrates the ability to include arbitrary files within a specific directory, though it notes the limitation of only loading files inside `/wp-content/plugins/sogrid/src/admin-panel/views/`.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Sogrid WordPress plugin <= 1.5.6
No auth needed
Prerequisites: Access to the target WordPress site with the vulnerable Sogrid plugin installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.5
EPSS 0.0120
EPSS Percentile 64.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-22
Status published
Products (2)
Sabri/Sogrid < 1.5.6
Sabri Taieb/Sogrid < 1.5.6
Published Dec 16, 2024
Tracked Since Feb 18, 2026