- Description: The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.
- Source: security@wordfence.com
- NVD status: Received
CVSS 3.1
- Type: Primary
- Base score: 9.9
- Impact score: 6
- Exploitability score: 3.1
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- security@wordfence.com
- CWE-1336
- Hype score: Not currently trending
CVE-2024-12583 - Dynamics 365 Integration Plugin for WordPress Remote Code Execution and Arbitrary File Read Vulnerability https://t.co/g7IcA25QiI
@WhalersLtd
4 Jan 2025
CVE-2024-12583 Remote Code Execution in Dynamics 365 WordPress Plugin via Twig Injection The Dynamics 365 Integration plugin for WordPress has a Remote Code Execution and Arbitrary File Read vulnerability in all ... https://t.co/iXBuugexNI
@VulmonFeeds
4 Jan 2025
CVE-2024-12583 The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig… https://t.co/wn2VRoLQZR
@CVEnew
4 Jan 2025
[CVE-2024-12583: CRITICAL] WordPress plugin Dynamics 365 Integration has security vulnerabilities up to v1.3.23, allowing RCE & Arbitrary File Read due to missing validation. Attackers can execute code with Contr...#cybersecurity,#vulnerability https://t.co/3uSvNGKgr4 https:/
@CveFindCom
4 Jan 2025