CVE-2024-54374
Published: 16 December 2024
Summary
CVE-2024-54374 is a high-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 7.5 (High).
Operationally, it is ranked in the top 4.3% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.
Deeper analysis
The vulnerability CVE-2024-54374 is a path traversal flaw (CWE-22) that permits PHP local file inclusion in the Sogrid WordPress plugin by Sabri. It affects all versions through 1.5.6 and carries a CVSS 3.1 score of 7.5.
An unauthenticated remote attacker can trigger the issue over the network, although successful exploitation demands high attack complexity and user interaction. When conditions are met, the attacker can include arbitrary local PHP files, resulting in high impact to confidentiality, integrity, and availability.
The Patchstack advisory at the referenced URL identifies the affected plugin versions and serves as the primary source for mitigation guidance, which centers on applying the vendor-supplied update once released. The EPSS score has remained flat at 0.2066 with no material rise observed since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-52495
Vulnerability details
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sabri Sogrid sogrid allows PHP Local File Inclusion. This issue affects Sogrid: from n/a through <= 1.5.6.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.