Cyber Posture

CVE-2024-12252

CriticalRCE

Published: 07 January 2025

Published
07 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.6649 98.6th percentile
Risk Priority 59 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-12252 is a critical-severity Code Injection (CWE-94) vulnerability in Wordpress (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 1.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match
prevent

Enforces approved authorizations on the remote_update AJAX action, directly addressing the missing capability check that allows unauthenticated file overwrites.

AC-6 Least Privilege good match
prevent

Implements least privilege to prevent unauthenticated attackers from gaining the capabilities needed to overwrite critical PHP files like seo-beginner-auto-post.php.

CM-5 Access Restrictions for Change good match
prevent

Restricts logical access to changes such as file overwrites, mitigating the vulnerability's exploitation for remote code execution.

NVD Description

The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to…

more

overwrite the seo-beginner-auto-post.php file which can be leveraged to achieve remote code execution.

Deeper analysisAI

CVE-2024-12252 is a file overwrite vulnerability in the SEO LAT Auto Post plugin for WordPress, affecting all versions up to and including 2.2.1. The issue arises from a missing capability check on the remote_update AJAX action, which allows attackers to overwrite the seo-beginner-auto-post.php file. Published on January 7, 2025, it has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-94 (code injection).

Unauthenticated attackers can exploit this vulnerability remotely with low complexity and no user interaction. By leveraging the flawed AJAX endpoint, they can overwrite critical plugin files, enabling remote code execution on the targeted WordPress site.

Advisories and mitigation guidance are detailed in the Wordfence threat intelligence report at https://www.wordfence.com/threat-intel/vulnerabilities/id/67df10cc-ce3c-4157-9860-7e367062f710?source=cve and the plugin's WordPress.org page at https://wordpress.org/plugins/seo-beginner-auto-post/. Security practitioners should consult these sources for patch availability and recommended actions.

Details

CWE(s)
CWE-94

Affected Products

Wordpress
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-25001Shared CWE-94
CVE-2026-32573Shared CWE-94
CVE-2025-25943Shared CWE-94
CVE-2025-67113Shared CWE-94
CVE-2025-22906Shared CWE-94
CVE-2025-63421Shared CWE-94
CVE-2025-23209Shared CWE-94
CVE-2026-39440Shared CWE-94
CVE-2026-42238Shared CWE-94
CVE-2026-32276Shared CWE-94

References