What is the severity of CVE-2024-9624?

CVE-2024-9624 is classified as a high severity vulnerability due to its potential for exploitation by authenticated attackers.

How do I fix CVE-2024-9624?

To fix CVE-2024-9624, upgrade the WP All Import Pro plugin to version 4.9.4 or later.

Who is affected by CVE-2024-9624?

CVE-2024-9624 affects users of the WP All Import Pro plugin version 4.9.3 and earlier who have Administrator-level access.

What type of vulnerability is CVE-2024-9624?

CVE-2024-9624 is a Server-Side Request Forgery (SSRF) vulnerability.

What does CVE-2024-9624 allow an attacker to do?

CVE-2024-9624 allows authenticated attackers to send unauthorized requests to internal resources, potentially leading to data breaches.

Vulnerability/
CVE-2024-9624

high

7.6

CWE

918

EPSS

0.049%

17/12/2024

CVE-2024-9624: WP All Import Pro <= 4.9.3 - Authenticated (Administrator+) Server-Side Request Forgery via File Import

First published: Tue Dec 17 2024(Updated: )

The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. On cloud platforms, it might allow attackers to read the Instance metadata.

Credit: security@wordfence.com

Affected Software	Affected Version	How to fix
WP All Import	<=4.9.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-9624?
CVE-2024-9624 is classified as a high severity vulnerability due to its potential for exploitation by authenticated attackers.
How do I fix CVE-2024-9624?
To fix CVE-2024-9624, upgrade the WP All Import Pro plugin to version 4.9.4 or later.
Who is affected by CVE-2024-9624?
CVE-2024-9624 affects users of the WP All Import Pro plugin version 4.9.3 and earlier who have Administrator-level access.
What type of vulnerability is CVE-2024-9624?
CVE-2024-9624 is a Server-Side Request Forgery (SSRF) vulnerability.
What does CVE-2024-9624 allow an attacker to do?
CVE-2024-9624 allows authenticated attackers to send unauthorized requests to internal resources, potentially leading to data breaches.

agent/title
agent/references
agent/weakness
agent/first-publish-date
agent/type
agent/description
collector/nvd-api
source/NVD
agent/severity
agent/author
agent/event
agent/trending
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/epss-latest
source/FIRST
agent/epss
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/wp all import
canonical/wp all import

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.