KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

Back to KEVs

10.0

CVSS
Critical

CVE-2024-50498

PUBLISHED

WordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerability

PoC available Remote Low complexity No user interaction

Vendor: Ajit Bohra
Product: WP Query Console
Published: Oct 28, 2024
EPSS: —

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in Ajit Bohra WP Query Console wp-query-console allows Code Injection.This issue affects WP Query Console: from n/a through <= 1.0.

nuclei_scanner

CVSS scores

CVSS v3.1 10.0 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitation status

Proof of concept available

Recorded 2024-11-04 22:13:45 UTC · Source

SSVC decision points

Exploitation: poc
Automatable: Yes
Technical impact: total

References

https://patchstack.com/database/Wordpress/Plugin/wp-query-console/vulnerability/wordpress-wp-query-console-plugin-1-0-remote-code-execution-rce-vulnerability?_s_id=cve

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
The Shadowserver (via CIRCL)	Jun 26, 2025

Scanner integrations

Scanner	Reference	Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-50498.yaml	Apr 25, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

RandomRobbieBF/CVE-2024-50498

github · Created 2024-11-04 22:13:45 UTC · 3 stars

WP Query Console <= 1.0 - Unauthenticated Remote Code Execution

Timeline

CVE ID Reserved

October 24, 2024
CVE Published to Public

October 28, 2024
Proof of Concept Exploit Available

November 04, 2024
Detected by Nuclei

April 25, 2025
Added to KEVIntel

June 26, 2025