WordPress Customify Site Library plugin <= 0.0.9 - Remote Code Execution (RCE) vulnerability
CVE-2024-33644

9.9 CRITICAL

Key Information:

Vendor:
WordPress

CVE Published:
17 May 2024

Badges

👾 Exploit Exists
🟣 EPSS 20%

What is CVE-2024-33644?

The vulnerability in the WPCustomify Customify Site Library plugin arises from improper control of code generation (code injection). It affects plugin versions up to and including 0.0.9 and allows an attacker to execute arbitrary code, compromising the affected WordPress installation. Website owners running the Customify Site Library should update the plugin without delay and apply security best practices to mitigate the risk associated with this vulnerability.

Affected Version(s)

Customify Site Library <= 0.0.9

EPSS Score

20% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability reserved

Credit

Abdi Pranata (Patchstack Alliance)