CVE-2024-6460

CRITICAL NUCLEI

Grow by Tradedoubler <2.0.21 - Code Injection

Title source: llm

Description

The Grow by Tradedoubler WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files.

Exploits (3)

nomisec STUB
by E1-Bot141 · poc
https://github.com/E1-Bot141/CVE-2024-6460

nomisec WORKING POC
by Nxploited · poc
https://github.com/Nxploited/CVE-2024-6460

github WORKING POC
by Boshe99 · python · poc
https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2024-6460

Nuclei Templates (1)

WordPress Grow by Tradedoubler Plugin < 2.0.22 - Unauthenticated Local File Inclusion
CRITICAL · by ritikchaddha
FOFA: body="wp-content/plugins/tradedoubler-affiliate-tracker/"

Scores

CVSS v3 9.8
EPSS 0.9187
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

Status published

Affected Products (1)

tradedoubler/grow < 2.0.22

Timeline

Published Aug 16, 2024
Tracked Since Feb 18, 2026