Path Traversal Vulnerability in Sogrid Plugin for WordPress
CVE-2024-54374

7.5HIGH

Key Information:

Vendor: WordPress
Status: Sogrid
Vendor: CVE Published:; 16 December 2024

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 17%

Summary

CVE-2024-54374 is a path traversal vulnerability in the Sogrid plugin for WordPress developed by Sabri Taieb. This security flaw allows attackers to exploit improper limitations on file paths, potentially leading to PHP Local File Inclusion. The vulnerability affects Sogrid versions up to 1.5.6, and could allow unauthorized access to sensitive files on the server, thereby posing a serious threat to the overall security of WordPress websites utilizing this plugin. It is imperative for users to review and apply the latest security patches to safeguard their systems.

Affected Version(s)

Sogrid <= 1.5.6

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-54374
Created by RandomRobbieBF

References

https://patchstack.com/database/wordpress/plugin/sogrid/v...

vdb-entry

EPSS Score

17% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

🟡
Public PoC available
Jan 3, 2025
👾
Exploit known to exist
Jan 3, 2025
Vulnerability published
Dec 16, 2024
Vulnerability Reserved
Dec 2, 2024

Credit

tahu.datar (Patchstack Alliance)