CVE-2024-12252
Published: 07 January 2025
Summary
CVE-2024-12252 is a critical-severity Code Injection (CWE-94) vulnerability in Wordpress (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 13.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to and including 2.2.1. This flaw, assigned CVE-2024-12252 and rated 9.8 under CVSS 3.1, permits unauthenticated attackers to overwrite the seo-beginner-auto-post.php file, which can be leveraged for remote code execution. The issue is categorized under CWE-94.
Unauthenticated remote attackers can exploit the vulnerability without user interaction or privileges by sending crafted requests to the affected AJAX endpoint. Successful exploitation grants full control over the overwritten plugin file, enabling arbitrary code execution that impacts confidentiality, integrity, and availability of the WordPress site.
The current and peak EPSS score of 0.7133 indicates substantial exploitation interest following disclosure. Public references include the plugin directory page and a Wordfence threat intelligence entry that document the affected component.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-50716
Vulnerability details
The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to…
more
overwrite the seo-beginner-auto-post.php file which can be leveraged to achieve remote code execution.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Missing auth check on AJAX endpoint enables unauthenticated remote file overwrite in WordPress plugin, directly facilitating T1190 (public app exploitation) and T1100 (web shell via malicious PHP overwrite for RCE).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Enforces approved authorizations on the remote_update AJAX action, directly addressing the missing capability check that allows unauthenticated file overwrites.
Implements least privilege to prevent unauthenticated attackers from gaining the capabilities needed to overwrite critical PHP files like seo-beginner-auto-post.php.
Restricts logical access to changes such as file overwrites, mitigating the vulnerability's exploitation for remote code execution.