CVE-2024-27972
published 2024-04-03CVE-2024-27972: Improper Control of Generation of Code ('Code Injection') vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite.This issue affects WP Fusion Lite: from…
PriorityP181critical9.9CVSS 3.1
AVNACLPRLUINSCCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
1.63%
73.2th percentile
Improper Control of Generation of Code ('Code Injection') vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite.This issue affects WP Fusion Lite: from n/a through <= 3.41.24.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jack_arturo | wp_fusion_lite | <= 3.41.24 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wvfw-6rv6-rmwc: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Very Good Plugins WP Fusion Lite allows Command I
ghsa_unreviewed·2024-04-03
CVE-2024-27972 [CRITICAL] CWE-77 GHSA-wvfw-6rv6-rmwc: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Very Good Plugins WP Fusion Lite allows Command I
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Very Good Plugins WP Fusion Lite allows Command Injection.This issue affects WP Fusion Lite: from n/a through 3.41.24.
VulnCheck
WordPress WP Fusion Lite Plugin Remote Code Execution (RCE)
vulncheck·2024
CVE-2024-27972 WordPress WP Fusion Lite Plugin Remote Code Execution (RCE)
WordPress WP Fusion Lite Plugin Remote Code Execution (RCE)
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Very Good Plugins WP Fusion Lite allows Command Injection.This issue affects WP Fusion Lite: from n/a through 3.41.24.
Affected: Very Good Plugins WP Fusion Lite
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/database/wordpress/plugin/wp-fusion-lite/vulnerability/wordpress-wp-fusion-lite-plugin-3-41-24-remote-code-execution-rce-vulnerability
Exploit PoC: https://vulncheck.com/xdb/3feccfe00c6e
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://patchstack.com/database/Wordpress/Plugin/wp-fusion-lite/vulnerability/wordpress-wp-fusion-lite-plugin-3-41-24-remote-code-execution-rce-vulnerability?_s_id=cvehttps://patchstack.com/database/vulnerability/wp-fusion-lite/wordpress-wp-fusion-lite-plugin-3-41-24-remote-code-execution-rce-vulnerability?_s_id=cve
2024-04-03
Published
Exploited in the wild