CVE-2024-3673
Published 2024-08-30
Priority: P263 · Severity: critical · CVSS 3.1 base score: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Tags: EXPLOIT
EPSS: 5.58% (91.9th percentile)
The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| salephpscripts | web_directory_free | < 1.7.3 | 1.7.3 |
Detection & IOCs (extracted from sources)
YARA
```yara
rule CVE_2024_3673_LFI {
    strings:
        $s1 = "from_set_ajax=1"
        $s2 = "action=w2dc_controller_request"
        $s3 = "template="
    condition:
        all of them
}
```

- Look for POST requests to /wp-admin/admin-ajax.php containing the parameters 'from_set_ajax=1', 'action=w2dc_controller_request', and a 'template' parameter with path traversal sequences (e.g., '../').
- Successful exploitation returns HTTP 200 with content-type text/html and a response body matching the pattern 'root:.*:0:0:' (contents of /etc/passwd), indicating successful Local File Inclusion.
- Fingerprint vulnerable hosts by checking for the string '/wp-content/plugins/web-directory-free' in the HTTP response body of the target's homepage.
- The attack is unauthenticated (no credentials required) and exploits the 'template' parameter passed to PHP's include() without validation in the Web Directory Free plugin before version 1.7.3.
- The exploit requires the target site to have the Web Directory Free plugin installed and active (version < 1.7.3). The Nuclei template first confirms plugin presence before attempting exploitation.
- EPSS score is extremely high (0.92053, 99.7th percentile), indicating this vulnerability is very likely being actively exploited in the wild.
No detection rules found.
Nuclei template: CVE-2024-3673 [CRITICAL] Web Directory Free < 1.7.3 - Local File Inclusion (CVSS 9.1)
Template:

```yaml
id: CVE-2024-3673

info:
  name: Web Directory Free < 1.7.3 - Local File Inclusion
  author: s4e-io
  severity: critical
  description: |
    The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues.
  impact: |
    Unauthenticated attackers can exploit LFI to read sensitive files including /etc/passwd via the template parameter.
  remediation: |
    Update Web Directory Free to version 1.7.3 or later.
  reference:
    - https://wpscan.com/vulnerability/0e8930cb-e176-4406-a43f-a6032471debf/
```
No writeups or analysis indexed.