CVE-2024-5932

CRITICAL · EXPLOITED · NUCLEI

GiveWP <= 3.14.1 - Unauthenticated PHP Object Injection via give_title


Exploitation Summary

CVE-2024-5932 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 8 public exploits from researchers including EQSTLab, 0xb0mb3r and OxLmahdi, among them the Metasploit module exploits/multi/http/wp_givewp_rce. A Nuclei detection template is also available.

AI-analyzed exploit summary

This is a functional exploit for CVE-2024-5932, targeting an unauthenticated PHP Object Injection vulnerability in GiveWP. The PoC constructs a malicious serialized payload to achieve remote code execution via deserialization.

Description

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely, and to delete arbitrary files.

Exploits (8)

nomisec · WORKING POC · 76 stars
by EQSTLab · remote
https://github.com/EQSTLab/CVE-2024-5932

This is a functional exploit for CVE-2024-5932, targeting an unauthenticated PHP Object Injection vulnerability in GiveWP. The PoC constructs a malicious serialized payload to achieve remote code execution via deserialization.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GiveWP Donation Plugin and Fundraising Platform (versions up to and including 3.14.1)
Authentication: none needed
Prerequisites: Target must have the vulnerable GiveWP plugin installed and active · The 'give_title' parameter must be accessible and unfiltered
devstral-2 · analyzed Feb 16, 2026
github · WORKING POC · 3 stars
by 0xb0mb3r · python · poc
https://github.com/0xb0mb3r/CVE-2024-8353-PoC

This repository contains a functional Python exploit script and a PHP payload for CVE-2024-8353, which targets a PHP Object Injection vulnerability in the GiveWP WordPress plugin (versions up to 3.16.1). The exploit automates the process of identifying vulnerable forms, retrieving nonces, and delivering payloads to achieve remote code execution.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GiveWP WordPress plugin <= 3.16.1
Authentication: none needed
Prerequisites: Python 3.x · PHP 7.x or later · Target WordPress site with vulnerable GiveWP plugin
devstral-2 · analyzed Feb 19, 2026
nomisec · WRITEUP · 1 star
by OxLmahdi · poc
https://github.com/OxLmahdi/cve-2024-5932

The repository contains only a README.md with images, suggesting it is a writeup or documentation for CVE-2024-5932. No exploit code or technical details are provided.

Classification: Writeup (90%)
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
Authentication: none needed
Prerequisites: none
devstral-2 · analyzed Feb 16, 2026
nomisec · WORKING POC
by nishant-kumar-5173 · remote
https://github.com/nishant-kumar-5173/CVE-2024-5932

This repository contains a Python-based exploit for CVE-2024-5932, targeting an unauthenticated PHP Object Injection vulnerability in the GiveWP WordPress plugin. The exploit leverages a crafted payload to achieve remote code execution (RCE) via deserialization of the 'give_title' parameter.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GiveWP Donation Plugin and Fundraising Platform (versions up to and including 3.14.1)
Authentication: none needed
Prerequisites: Target must have the vulnerable GiveWP plugin installed and active · Network access to the target WordPress site
devstral-2 · analyzed Feb 16, 2026
nomisec · WORKING POC
by autom4il · remote
https://github.com/autom4il/CVE-2024-5932

This PoC exploits a PHP object injection vulnerability in WordPress GiveWP plugin (CVE-2024-5932) to achieve remote code execution via a crafted serialized payload. It automates the extraction of required form IDs and nonces, then triggers the exploit via a donation form submission.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WordPress GiveWP plugin (versions prior to fix for CVE-2024-5932)
Authentication: none needed
Prerequisites: Target WordPress site with vulnerable GiveWP plugin · Network access to the target · Attacker-controlled server to receive reverse shell
devstral-2 · analyzed Feb 16, 2026
nomisec · WORKING POC
by hlc23 · poc
https://github.com/hlc23/CVE-2024-5932-web-ui

This repository contains a Flask-based web UI for interacting with Llama models, demonstrating CVE-2024-5932. The exploit allows arbitrary model uploads and potential RCE via model file manipulation.

Classification: Working PoC (90%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Llama.cpp-based applications with web UI (version not specified)
Authentication: none needed
Prerequisites: Access to the web UI · Ability to upload malicious model files
devstral-2 · analyzed Feb 16, 2026
vulncheck_xdb · WORKING POC
infoleak
https://github.com/0xb0mb3r/CVE-2024-5932-PoC

This repository contains a functional Python exploit script and a PHP payload for CVE-2024-8353, which targets a PHP Object Injection vulnerability in the GiveWP WordPress plugin (versions up to 3.16.1). The exploit automates the process of identifying vulnerable forms, retrieving nonces, and delivering payloads to achieve remote code execution.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GiveWP WordPress plugin <= 3.16.1
Authentication: none needed
Prerequisites: Python 3.x · PHP 7.x or later · target URL · command to execute
devstral-2 · analyzed Feb 25, 2026
metasploit · WORKING POC · EXCELLENT
by Villu Orav, EQSTLab, cuokon, Julien Ahrens, Valentin Lobstein · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wp_givewp_rce.rb

This Metasploit module exploits an unauthenticated PHP Object Injection vulnerability in GiveWP (CVE-2024-8353), leading to remote code execution. It bypasses an incomplete patch by leveraging deserialization in the donation processing workflow.

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GiveWP Donation Plugin and Fundraising Platform for WordPress (versions up to and including 3.16.1)
Authentication: none needed
Prerequisites: Target must have the vulnerable GiveWP plugin installed and active · WordPress site must be accessible
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

GiveWP - PHP Object Injection
CRITICAL · VERIFIED · by iamnoooob, rootxharsh, pdresearch

Scores

CVSS v3: 10.0
EPSS: 0.9417
EPSS Percentile: 99.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

VulnCheck KEV: 2025-03-19
CWE: CWE-502
Status: published
Products (2)
givewp/givewp < 3.14.2
stellarwp/GiveWP – Donation Plugin and Fundraising Platform < 3.14.1
Published: Aug 20, 2024
Tracked Since: Feb 18, 2026