Local File Inclusion Vulnerability in WHMpress WordPress Plugin
CVE-2024-9193

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Whmpress - Whmcs WordPress Integration Plugin
Vendor: CVE Published:; 28 February 2025

What is CVE-2024-9193?

The WHMpress - WHMCS WordPress Integration Plugin is susceptible to a Local File Inclusion vulnerability, allowing unauthenticated users to include arbitrary files on the server through the whmpress_domain_search_ajax_extended_results() function. This flaw can be exploited to execute PHP code, potentially bypassing access controls and compromising sensitive data. Attackers may gain administrative access by manipulating the site's registration options and leveraging the /admin/services.php file, leading to a severe security breach.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WHMpress - WHMCS WordPress Integration Plugin * <= 6.3-revision-0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://whmpress.com/docs/change-log/

EPSS Score

30% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 28, 2025
Vulnerability Reserved
Sep 25, 2024

Credit

Tonn

JSON

WordPress

What is CVE-2024-9193?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.