CVE-2024-3673

9.1 CRITICAL

📋 TL;DR

The Web Directory Free WordPress plugin before version 1.7.3 contains a Local File Inclusion vulnerability due to improper validation of user-supplied parameters in include() statements. This allows attackers to read sensitive files on the server, potentially leading to information disclosure or code execution. WordPress sites using vulnerable versions of this plugin are affected.
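The root cause named above is an include() that trusts a request parameter. The following is an added example, not code from the Web Directory Free plugin: it shows the two checks such a loader needs (an allowlist of template names plus a realpath containment check) next to the unvalidated pattern the advisory describes. The template names, the `templates/` layout and the stand-in `wp-config.php` are assumptions constructed for the demo.

```python
"""Added example, not code from the Web Directory Free plugin: the
validation an include()-style template loader needs so that a
user-supplied name can never select a file outside the template
directory. Template names and file layout are assumptions."""
import os
import tempfile

# Only these names may ever be loaded (assumed template names).
ALLOWED_TEMPLATES = frozenset({"list", "grid", "map"})


def resolve_template(base_dir, requested):
    """Return the absolute path of an allowed template inside base_dir, else None.

    Two independent checks: an allowlist of known names, and a realpath
    containment check so that even a later allowlist mistake (or a symlink)
    cannot turn into traversal to /etc/passwd or wp-config.php.
    """
    if requested not in ALLOWED_TEMPLATES:
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested + ".php"))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate if os.path.isfile(candidate) else None


def resolve_template_unsafe(base_dir, requested):
    """The vulnerable pattern the advisory describes: the parameter is
    concatenated and handed to include() without validation. Kept only to
    contrast with resolve_template()."""
    return os.path.join(base_dir, requested + ".php")


def demo():
    """Build a throwaway site layout and run both resolvers over sample input."""
    with tempfile.TemporaryDirectory() as tmp:
        tpl_dir = os.path.join(tmp, "templates")
        os.mkdir(tpl_dir)
        for name in ALLOWED_TEMPLATES:
            with open(os.path.join(tpl_dir, name + ".php"), "w") as fh:
                fh.write("<?php // " + name + " template\n")
        # Constructed stand-in for a sensitive file one level above the templates.
        with open(os.path.join(tmp, "wp-config.php"), "w") as fh:
            fh.write("<?php define('DB_PASSWORD', 'constructed-example');\n")

        safe = {}
        for req in ("list", "../wp-config", "/etc/passwd"):
            safe[req] = resolve_template(tpl_dir, req) is not None
        unsafe = resolve_template_unsafe(tpl_dir, "../wp-config")
        return {"safe_allows": safe, "unsafe_reaches_config": os.path.isfile(unsafe)}


if __name__ == "__main__":
    print(demo())
```

The allowlist alone would be enough for this demo; the containment check is there because allowlists drift over time, and a second, independent check keeps a later mistake from becoming a file read.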

💻 Affected Systems

Products:
  • Web Directory Free WordPress Plugin
Versions: All versions before 1.7.3
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress installations with the Web Directory Free plugin installed and activated.


⚠️ Risk & Real-World Impact

🔴

Worst Case

Full server compromise through LFI to Remote Code Execution chain, allowing attackers to execute arbitrary code, steal sensitive data, or take over the entire WordPress installation.

🟠

Likely Case

Information disclosure of sensitive server files (configuration files, password hashes, database credentials) leading to further attacks or data theft.

🟢

If Mitigated

Limited file access within web root directory if proper file permissions are configured, potentially exposing only non-sensitive web files.

🌐 Internet-Facing: HIGH - WordPress plugins are typically exposed to the internet, making them accessible to any remote attacker.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this, but external exposure increases overall risk significantly.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

LFI vulnerabilities are well-understood and often have public exploit code available. The vulnerability requires no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.7.3

Vendor Advisory: https://wpscan.com/vulnerability/0e8930cb-e176-4406-a43f-a6032471debf/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'Web Directory Free' plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 1.7.3 or later from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Disable vulnerable plugin (platform: all)

Temporarily deactivate the Web Directory Free plugin until patched:

wp plugin deactivate web-directory-free

Restrict file access (platform: linux)

Configure the web server to restrict direct HTTP access to sensitive files. Note that this only blocks downloads over HTTP; it does not stop a vulnerable include() from reading those files server-side, so it reduces exposure but is not a fix.

# Add to .htaccess for Apache 2.4 (on Apache 2.2 use "Order Deny,Allow" / "Deny from all").
# .php is deliberately not in the pattern: WordPress must keep serving PHP files.
<FilesMatch "\.(inc|conf|config|sql|log|txt)$">
  Require all denied
</FilesMatch>

🧯 If You Can't Patch

  • Implement Web Application Firewall (WAF) rules to block LFI attack patterns
  • Remove plugin files completely and use alternative directory solution

🔍 How to Verify

Check if Vulnerable:

In the WordPress admin panel, go to Plugins and check the Web Directory Free version. If it is below 1.7.3, the site is vulnerable.

Check Version:

wp plugin get web-directory-free --field=version

Verify Fix Applied:

Confirm plugin version is 1.7.3 or higher in WordPress admin panel.
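The version check above is easy to get wrong when scripted, because a plain string comparison sorts "1.10.0" before "1.7.3". The following is an added example, not part of the advisory: it compares the output of the `wp plugin get` command shown above against the fixed release numerically, and the script name and pipe usage are assumptions.

```python
"""Added example, not part of the advisory: compare an installed
plugin version (for instance the output of
`wp plugin get web-directory-free --field=version`) against the fixed
release 1.7.3 numerically, avoiding the string-comparison pitfall where
"1.10.0" sorts before "1.7.3"."""
import re
import sys

FIXED_VERSION = (1, 7, 3)  # first release containing the fix, per the advisory


def parse_version(text):
    """Turn '1.7.2', 'v1.10' or '1.7.3-beta1' into a 3-tuple of ints.

    Missing components are padded with zeros. Pre-release or build suffixes
    are ignored, so a 1.7.3 pre-release is treated as fixed; tighten this
    if your change process distinguishes them.
    """
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3])


def is_vulnerable(installed):
    """True when the installed version predates the fixed release."""
    return parse_version(installed) < FIXED_VERSION


if __name__ == "__main__":
    # Assumed usage: wp plugin get web-directory-free --field=version | python check_version.py
    version = sys.stdin.readline()
    vulnerable = is_vulnerable(version)
    print("VULNERABLE" if vulnerable else "fixed", version.strip())
    sys.exit(1 if vulnerable else 0)
```

The non-zero exit status on a vulnerable version lets the check sit in a fleet-wide inventory job without parsing its output.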

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in web server logs
  • Requests containing '../' sequences or file path traversal attempts
  • Access to sensitive files like /etc/passwd, wp-config.php

Network Indicators:

  • HTTP requests with file path parameters containing directory traversal sequences
  • Unexpected file downloads from web server

SIEM Query:

web.url:*../* AND (web.url:*.php OR web.url:*.conf OR web.url:*.ini) AND (destination.port:80 OR destination.port:443)
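The log indicators above are straightforward to grep for, but attackers routinely percent-encode or double-encode the traversal sequence, which a query for a literal `../` misses. The following is an added example, not part of the advisory: a small scanner for combined-format access logs that decodes the request URL before matching, flags both traversal and sensitive-file names, and rates a 2xx response to a traversal request higher than a 404. The log lines are constructed samples, and the `/directory/?view=` route is an illustrative assumption rather than the plugin's real endpoint.

```python
"""Added example, not part of the advisory: scan combined-format web
server access logs for the indicators listed above (traversal sequences
and sensitive file names in the request URL), including percent-encoded
and double-encoded variants that a plain '../' grep misses. The log lines
are constructed samples; the request path and parameter name are
illustrative assumptions, not the plugin's real routes."""
import re
from urllib.parse import unquote

# Apache/Nginx "combined" format; the request line is split into method, URL, protocol.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3}) \S+'
)

SENSITIVE_TARGETS = ("/etc/passwd", "wp-config.php", "/proc/self/environ", ".htaccess")


def decode_fully(url, rounds=3):
    """Percent-decode until stable (max `rounds`), then normalise backslashes,
    so '%252e%252e%2f' and '..%5c' both become '../'."""
    for _ in range(rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url.replace("\\", "/")


def classify(line):
    """Return a finding for a suspicious log line, or None for benign/unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = decode_fully(m.group("url"))
    reasons = []
    if "../" in url:
        reasons.append("path traversal")
    hits = [t for t in SENSITIVE_TARGETS if t in url]
    if hits:
        reasons.append("sensitive target: " + ", ".join(hits))
    if not reasons:
        return None
    status = int(m.group("status"))
    # A 2xx answer to a traversal request is the strongest signal that the
    # include actually succeeded; a 404 is still worth a look as reconnaissance.
    severity = "high" if status < 300 and "path traversal" in reasons else "medium"
    return {"ip": m.group("ip"), "ts": m.group("ts"), "status": status,
            "url": url, "reasons": reasons, "severity": severity}


def scan(lines):
    """Run classify() over an iterable of log lines and collect the findings."""
    return [f for f in map(classify, lines) if f]


# Constructed sample lines: benign, plain traversal, double-encoded traversal,
# and a direct probe for wp-config.php without traversal.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/May/2024:12:00:01 +0000] "GET /directory/?view=list HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/May/2024:12:00:02 +0000] "GET /directory/?view=../../../../etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.7 - - [10/May/2024:12:00:03 +0000] "GET /directory/?view=..%252f..%252fwp-config.php HTTP/1.1" 200 912',
    '198.51.100.9 - - [10/May/2024:12:00:04 +0000] "GET /wp-content/plugins/example/wp-config.php HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["severity"].upper(), finding["ip"], finding["url"],
              "|", "; ".join(finding["reasons"]))
```

Decoding is bounded to a few rounds rather than looping until stable so that a pathological input cannot stall the scanner; three rounds cover single and double encoding, which is what appears in practice.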
