CVE-2024-27954 PoC — WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary File Download and SSRF vulnerability

Source

Associated Vulnerability

Readme

# CVE-2024-27954


# 📝 CVE-2024-27954 - Path Traversal & SSRF Vulnerability in WP Automatic Plugin

### Description
An **Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')** vulnerability exists in the WP Automatic plugin, allowing **Path Traversal** and **Server-Side Request Forgery (SSRF)** attacks. This issue affects WP Automatic versions up to **3.92.0**.

---

### 🔍 Detection Queries

To identify affected hosts, you can use the following queries:

- **FOFA:** `body="wp-content/plugins/wp-automatic" && header="HTTP/1.1 200 OK"`
- **ZoomEye:** `title:"wp-automatic" response.status_code:200`
- **Shodan:** `http.title:"wp-automatic" http.status:200`
- **Publicwww:** `"/wp-content/plugins/wp-automatic"`

---

### ⬇️ Installation

Clone the repository:

```bash
git clone https://github.com/Quantum-Hacker/CVE-2024-27954.git
cd CVE-2024-27954

Nuclei Usage:
Use Nuclei with the provided template:
nuclei -t wprce.yaml --target http://example.com or -l WPUrls.txt


⚠️ Disclaimer
This tool is intended for authorized security testing and educational purposes only. Unauthorized use against systems is strictly prohibited.

📄 License
This tool is licensed under the MIT License.

File Snapshot

 [4.0K]  /data/pocs/86e402fa19da83f5ad0b083ecdd2e5ec09aca3b1
├── [1.2K]  README.md
└── [ 661]  wprce.yaml

1 directory, 2 files

Remarks