# CVE-2024-27954
# 📝 CVE-2024-27954 - Path Traversal & SSRF Vulnerability in WP Automatic Plugin
### Description
An **Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')** vulnerability exists in the WP Automatic plugin, allowing **Path Traversal** and **Server-Side Request Forgery (SSRF)** attacks. This issue affects WP Automatic versions up to **3.92.0**.
---
### 🔍 Detection Queries
To identify affected hosts, you can use the following queries:
- **FOFA:** `body="wp-content/plugins/wp-automatic" && header="HTTP/1.1 200 OK"`
- **ZoomEye:** `title:"wp-automatic" response.status_code:200`
- **Shodan:** `http.title:"wp-automatic" http.status:200`
- **Publicwww:** `"/wp-content/plugins/wp-automatic"`
---
### ⬇️ Installation
Clone the repository:
```bash
git clone https://github.com/Quantum-Hacker/CVE-2024-27954.git
cd CVE-2024-27954
Nuclei Usage:
Use Nuclei with the provided template:
nuclei -t wprce.yaml --target http://example.com or -l WPUrls.txt
⚠️ Disclaimer
This tool is intended for authorized security testing and educational purposes only. Unauthorized use against systems is strictly prohibited.
📄 License
This tool is licensed under the MIT License.
[4.0K] /data/pocs/87cf8e1fde78a426d3bcd4eb714b0c029bfd3156
├── [1.2K] README.md
└── [ 661] wprce.yaml
0 directories, 2 files