Cyber Resilience

CVE-2024-13900

Medium

Published: 21 February 2025
Modified: 25 February 2025
KEV Added: not listed
Patch: available
CVSS Score (v3.1): 4.1 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0011 (28.6th percentile)
Risk Priority: 8 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-13900 is a medium-severity Code Injection (CWE-94) vulnerability in Satollo Head, Footer, and Post Injections. Its CVSS base score is 4.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 28.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-13900 is a PHP Code Injection vulnerability (CWE-94) in the Head, Footer and Post Injections plugin for WordPress, affecting all versions up to and including 3.3.0. The flaw exists specifically in multisite environments, where improper input handling allows malicious code execution.

Authenticated attackers with Administrator-level access or higher can exploit this vulnerability over the network. Exploitation requires high attack complexity but no user interaction, potentially resulting in limited impacts to confidentiality, integrity, and availability, as scored at CVSS 4.1 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L).

Advisories recommend updating the plugin to a version later than 3.3.0 to mitigate the issue; the WordPress plugin Trac changeset 3244016 documents the fix, and Wordfence provides threat intelligence details at its referenced page.

EU & UK References

Vulnerability details

The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject PHP code in multisite environments.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.

Why these techniques?

PHP code injection in a public-facing WordPress plugin directly enables exploitation of the application (T1190) and the installation and execution of web shells via the injected code (T1505.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-57487 (shared CWE-94)
CVE-2025-70995 (shared CWE-94)
CVE-2026-32367 (shared CWE-94)
CVE-2026-3352 (shared CWE-94)
CVE-2026-30117 (shared CWE-94)
CVE-2026-45708 (shared CWE-94)
CVE-2023-53888 (shared CWE-94)
CVE-2024-50660 (shared CWE-94)
CVE-2026-26699 (shared CWE-94)
CVE-2025-70073 (shared CWE-94)

Affected Assets

Vendor: satollo
Product: head, footer, and post injections
Versions: ≤ 3.3.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

SI-2 Flaw Remediation (prevent)
Directly mitigates the PHP code injection vulnerability by requiring timely patching of the affected WordPress plugin as recommended in advisories.

SI-10 Information Input Validation (prevent)
Addresses the root cause of improper input handling in the plugin by enforcing validation of user inputs to prevent malicious PHP code execution.

Restrict functionality (prevent)
Reduces exposure to the vulnerable plugin by restricting system functionality to only essential capabilities, such as disabling unnecessary head, footer, and post injection features.

References