ET WEB_SPECIFIC_APPS WordPress Plugin wp-automatic Server-Side Request Forgery (CVE-2024-27954)

SID: 2061306Rev: 174 views
Sourceet/open
CreatedApril 4, 2025
UpdatedApril 4, 2025
Classificationweb-application-attack
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS WordPress Plugin wp-automatic Server-Side Request Forgery (CVE-2024-27954)"; flow:established,to_server; http.uri; content:"/wp-content/plugins/wp-automatic/"; fast_pattern; http.request_body; content:"q|3d|"; pcre:"/^(?:(?:S(?:HOW\x20(?:C(?:UR(?:DAT|TIM)E|HARACTER\x20SET)|(?:VARI|T)ABLES)|ELECT\x20(?:FROM|USER))|U(?:NION\x20SELEC|PDATE\x20SE)T|DELETE\x20FROM|INSERT\x20INTO)|S(?:HOW.+(?:C(?:HARACTER.+SET|UR(DATE|TIME))|(?:VARI|T)ABLES)|ELECT.+(?:FROM|USER))|U(?:NION.+SELEC|PDATE.+SE)T|DELETE.+FROM|INSERT.+INTO|\x2f\*.+\*\x2f)/Ri"; reference:url,github.com/gh-ost00/CVE-2024-27954; reference:cve,2024-27954; classtype:web-application-attack; sid:2061306; rev:1; metadata:affected_product Wordpress_Plugins, attack_target Server, created_at 2025_04_04, cve CVE_2024_27954, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Exploit, updated_at 2025_04_04, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)

References

urlgithub.com/gh-ost00/CVE-2024-27954
cve2024-27954

Metadata

affected productWordpress_Plugins
attack targetServer
created at2025_04_04
deploymentInternal
confidenceHigh
signature severityMajor
tagExploit
updated at2025_04_04
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1190
mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!