Cyber Resilience

CVE-2024-12583

Severity: Critical
Published: 04 January 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: available
CVSS v3.1 score: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS score: 0.1192 (93.9th percentile)
Risk Priority: 27 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-12583 is a critical-severity Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) vulnerability in the Dynamics 365 Integration plugin for WordPress (the affected product is inferred from the references; NVD did not file a CPE). Its CVSS v3.1 base score is 9.9 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 6.1% of CVEs by EPSS exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

The Dynamics 365 Integration plugin for WordPress is vulnerable to remote code execution and arbitrary file read in all versions through 1.3.23. The issue stems from insufficient input validation and sanitization in the plugin's render function, which lets user-controlled content reach Twig as template source rather than as template data, i.e. Twig server-side template injection (CWE-1336). The flaw carries a CVSS 3.1 score of 9.9.

Authenticated users with Contributor-level privileges or higher (the lowest WordPress role that can author posts, even though it cannot publish them) can supply Twig template content that the engine compiles and executes, giving arbitrary code execution or file reads on the underlying server. Exploitation requires only network access to the site and no user interaction. The injected code runs as the web server's OS account, so the impact extends beyond WordPress to the host, which is why the vector records a scope change (S:C).
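To make the vulnerable pattern concrete, the following is an added illustration, not code from the Dynamics 365 Integration plugin or from its patch: a function that hands user-controlled text to Twig as template source, beside two hardened forms (fixed server-side templates with user content passed only as variables, and Twig's sandbox with an explicit allowlist for the case where user-authored templates are a product requirement). The function names, the template, the probe string and the Composer autoload path are assumptions.

```php
<?php
// Added illustration of Twig SSTI (CWE-1336) and two fixes; not plugin code.
// Requires Twig 3.x: `composer require twig/twig`. Names below are hypothetical.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php'; // assumed Composer layout

use Twig\Environment;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityError;
use Twig\Sandbox\SecurityPolicy;

// Constructed input standing in for text a Contributor could place in a post
// (for example shortcode inner content). `{{ 7 * 7 }}` is the classic SSTI probe:
// if "49" comes back, expressions are being evaluated, not displayed.
$userInput = '{{ 7 * 7 }}';
$record    = ['name' => 'Contoso', 'city' => 'Seattle'];

// VULNERABLE: the user-controlled string becomes the *template source*.
// Twig compiles it to PHP and executes it with the full engine available.
function render_unsafe(string $templateSource, array $vars): string
{
    $twig = new Environment(new ArrayLoader());
    return $twig->createTemplate($templateSource)->render($vars);
}

// HARDENED (1): templates are fixed, server-controlled strings chosen by name
// from an allowlist; user content only ever enters as a *variable*, which Twig
// autoescapes and never evaluates. This is the structural fix for SSTI.
function render_safe(string $templateName, array $vars): string
{
    $templates = [
        'contact-card' => '<p>{{ name }} ({{ city }})</p><p>{{ note }}</p>',
    ];
    if (!array_key_exists($templateName, $templates)) {
        throw new InvalidArgumentException("unknown template: $templateName");
    }
    $twig = new Environment(new ArrayLoader($templates), ['autoescape' => 'html']);
    return $twig->render($templateName, $vars);
}

// HARDENED (2): if users must be allowed to author templates, compile them under
// Twig's sandbox with an explicit allowlist. Tags, filters and functions not
// listed (include, source, raw, ...) and any method/property access on objects
// raise SecurityError at compile or run time.
function render_sandboxed(string $templateSource, array $vars): string
{
    $policy = new SecurityPolicy(
        ['if', 'for'],        // allowed tags
        ['escape', 'upper'],  // allowed filters (deliberately no `raw`)
        [],                   // allowed methods: none, so no calls on objects
        [],                   // allowed properties
        ['range']             // allowed functions
    );
    $twig = new Environment(new ArrayLoader());
    $twig->addExtension(new SandboxExtension($policy, true)); // true = sandbox everything
    return $twig->createTemplate($templateSource)->render($vars);
}

echo render_unsafe($userInput, $record), "\n";                            // 49: injection works
echo render_safe('contact-card', $record + ['note' => $userInput]), "\n"; // probe shown literally
try {
    // Arithmetic is still allowed in the sandbox, but the unlisted `include`
    // function is rejected before the template ever runs.
    echo render_sandboxed('{{ 7 * 7 }} {{ include("x") }}', $record), "\n";
} catch (SecurityError $e) {
    echo 'sandbox blocked: ', $e->getMessage(), "\n";
}
```

Run it with `php ssti_demo.php` after installing Twig. The point of the two hardened forms is that "validating and sanitizing" a string that is then compiled as a template is not a reliable fix: Twig's expression language is too rich to filter by pattern. Either user text must never be template source (form 1), or the engine must be constrained by policy rather than by input filtering (form 2), and the sandbox allowlist should be kept minimal, in particular excluding `raw`, `include`, `source` and any function that wraps PHP callbacks.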

Public references include a WordPress plugin changeset that addresses the vulnerable code path along with a detailed advisory from Wordfence. The EPSS score has remained flat at 0.1192 with no material increase observed after disclosure.


Vulnerability details

The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.

CWE(s)

CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

SSTI leading to RCE in a public-facing WordPress plugin is a direct instance of T1190; the arbitrary file read primitive maps to T1005.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-26938 (shared CWE-1336)
CVE-2026-25526 (shared CWE-1336)
CVE-2026-21448 (shared CWE-1336)
CVE-2025-53909 (shared CWE-1336)
CVE-2026-34587 (shared CWE-1336)
CVE-2026-9558 (shared CWE-1336)
CVE-2025-49828 (shared CWE-1336)
CVE-2025-59340 (shared CWE-1336)
CVE-2025-69516 (shared CWE-1336)
CVE-2026-21450 (shared CWE-1336)

Affected Assets

WordPress (Dynamics 365 Integration plugin, versions through 1.3.23)
Inferred from the references and description; NVD did not file a CPE for this CVE.

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)
Addresses the root cause of the SSTI vulnerability by requiring that user-supplied content reaching the Twig render function be treated as data, not as template source. Note that pattern-based sanitization of a string that is still compiled as a template is not a dependable fix on its own; the durable form of this control is a fixed server-side template set or a sandbox policy.

SI-2 Flaw Remediation (prevent)
Mandates timely remediation of the specific code flaw in the plugin's render function, such as applying the available patch from changeset 3210927. Check the installed plugin version: anything at or below 1.3.23 is affected.

Least privilege (prevent)
Restricts Contributor-level and higher accounts to what they need, reducing the pool of authenticated users able to reach the render function. Because the attacker only needs the lowest post-authoring role, this control narrows exposure but does not remove it; it complements rather than replaces the patch.
