CVE-2024-6366

Severity: Critical · Nuclei template available

User Profile Builder <3.11.8 - Info Disclosure


Exploitation Summary

EIP tracks 3 public exploits for CVE-2024-6366. PoCs published by Boshe99, Nxploited and Abdurahmon3236. A Nuclei detection template is also available.


Description

The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.

Exploits (3)

GitHub · Working PoC
by Boshe99 · python poc
https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2024-6366-PoC

The repository contains functional exploit code for CVE-2024-6366, targeting a WordPress plugin (3DPrint Lite 1.9.1.4) with an arbitrary file upload vulnerability. The Python script demonstrates the ability to upload a malicious file to a vulnerable target.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin 3DPrint Lite 1.9.1.4
Authentication: none needed
Prerequisites: Vulnerable WordPress plugin installed · Network access to the target
devstral-2 · analyzed Feb 27, 2026
nomisec · Working PoC
by Nxploited · poc
https://github.com/Nxploited/CVE-2024-6366-PoC

This PoC demonstrates an unauthenticated media upload vulnerability in the User Profile Builder WordPress plugin before 3.11.8. It checks the plugin version and exploits the async upload functionality to upload a file without proper authorization.

Classification: Working PoC (95%)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: User Profile Builder WordPress plugin < 3.11.8
Authentication: none needed
Prerequisites: Target running WordPress with vulnerable User Profile Builder plugin · Network access to the target
devstral-2 · analyzed Feb 16, 2026
nomisec · Working PoC
by Abdurahmon3236 · poc
https://github.com/Abdurahmon3236/CVE-2024-6366

This is a Metasploit module exploiting an unauthenticated file upload vulnerability in the WordPress User Profile Builder plugin before version 3.11.8, allowing remote code execution via malicious PHP payload upload.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WordPress User Profile Builder < 3.11.8
Authentication: none needed
Prerequisites: Target running vulnerable WordPress User Profile Builder plugin · Network access to the target
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

User Profile Builder < 3.11.8 - File Upload
Severity: HIGH · by s4e-io

References (1)

Core References (1)
Type: Exploit, Third Party Advisory · Tags: exploit, vdb-entry, technical-description
https://wpscan.com/vulnerability/5b90cbdd-52cc-4e7b-bf39-bea0dd59e19e/

Scores

CVSS v3: 9.1
EPSS: 0.2899
EPSS Percentile: 97.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC (Vulnrichment)

Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-434
Status: published
Products (1): cozmoslabs/profile_builder < 3.11.8
Published: Jul 29, 2024
Tracked Since: Feb 18, 2026