WordPress Customify Site Library plugin <= 0.0.9 - Remote Code Execution (RCE) vulnerability
CVE-2024-33644

9.9CRITICAL

Key Information:

Vendor: WordPress
Status: Customify Site Library
Vendor: CVE Published:; 17 May 2024

Badges

👾 Exploit Exists🟣 EPSS 20%

What is CVE-2024-33644?

The vulnerability in the WPCustomify Customify Site Library arises from improper control in the generation of code, which allows for code injection attacks. This flaw enables attackers to exploit the affected plugin version up to 0.0.9, potentially executing arbitrary code and compromising the security of affected WordPress installations. Website owners using the Customify Site Library should take immediate action to patch their systems and implement security best practices to mitigate the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Customify Site Library <= 0.0.9

References

https://patchstack.com/database/vulnerability/customify-s...

vdb-entry

EPSS Score

20% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

🟡
Public PoC available
Aug 21, 2024
👾
Exploit known to exist
Aug 21, 2024
Vulnerability published
May 17, 2024
Vulnerability Reserved
Apr 25, 2024

Credit

Abdi Pranata (Patchstack Alliance)

JSON

WordPress

Badges

What is CVE-2024-33644?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.