Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2024-27956
PUBLISHED
WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary SQL Execution vulnerability
- Vendor: ValvePress
- Product: Automatic
- Published: Mar 21, 2024
- EPSS: —
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection. This issue affects Automatic: from n/a through 3.92.0.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L
Exploitation status
Proof of concept available
Recorded 2024-06-09 07:21:44 UTC · Source
SSVC decision points
- Exploitation: none
- Automatable: Yes
- Technical impact: partial
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| The Shadowserver (via CIRCL) | Jun 26, 2025 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wp_automatic_sqli_to_rce.rb | Apr 28, 2025 |
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-27956.yaml | Apr 25, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2024-07-11 14:17:23 UTC · 7 stars
Perform with massive Wordpress SQLI 2 RCE
github · Created 2024-06-09 07:21:44 UTC · 2 stars
github · Created 2024-05-01 01:58:28 UTC · 85 stars
PoC for SQL Injection in CVE-2024-27956
github · Created 2024-04-27 11:03:36 UTC · 18 stars
CVE-2024-27956 WordPress Automatic < 3.92.1 - Unauthenticated SQL Injection
Timeline
- CVE ID Reserved
- CVE Published to Public
- Proof of Concept Exploit Available
- Detected by Nuclei
- Detected by Metasploit
- Added to KEVIntel