← Retour aux CVEs
CVE-2024-12583
CRITICAL9.9
Description
The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.
Details CVE
Score CVSS v3.19.9
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie1/4/2025
Derniere modification1/4/2025
Sourcenvd
Observations honeypot0
Faiblesses (CWE)
CWE-1336
References
https://plugins.trac.wordpress.org/browser/integration-dynamics/trunk/src/Shortcode/Twig.php#L53(security@wordfence.com)
https://plugins.trac.wordpress.org/changeset/3210927/(security@wordfence.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.