CVE-2024-13725 in Keap Official Opt-in Forms Pluginالمعلومات

الملخص

بحسب MITRE • 18/02/2025

The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.1 via the service parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. If register_argc_argv is enabled on the server and pearcmd.php is installed, this issue might lead to Remote Code Execution.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

Wordfence

حجز

24/01/2025

إفشاء

18/02/2025

الاعتدال

تمت الموافقة

إدخال

VDB-296068

CPE

جاهز

CWE

CWE-22 (مؤكد)

CVSS

9.8 (CNA)

EPSS

0.00397

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hostingprovider

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2024-13725
NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-13725
CVE Details	https://www.cvedetails.com/cve/CVE-2024-13725/

التالي ▸نظرة عامة ◂ السابق

Want to know what is going to be exploited?

We predict KEV entries!