What is CVE-2024-3552?

CVE-2024-3552 is a vulnerability in Web Directory Free, classified under CWE-89 SQL INJECTION. Published 2024-06-13.

Is CVE-2024-3552 known to be exploited?

32 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Web Directory Free

CVE-2024-3552

The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques li…

EPSS: 0.933 (99.8th percentile) — read the EPSS interpretation.

Affected products

Unknown Web Directory Free — versions 0

Public proof-of-concept exploits

KiPhuong/challenge-cve-2024-3552
KiPhuong/cve-2024-3552
12442RF/POC
AboSteam/POPC
Capt-Webk5/CYBERCON-2025-Writeup-Web-
DMW11525708/wiki
Lern0n/Lernon-POC
Linxloop/fork_
PuddinCat/GithubRepoSpider
Warren-Jace/poc-doc

References

wpscan.com/vulnerability/34b03ee4-de81-4fec-9f3d-e1bd5b94d136/ (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2024-3552?: CVE-2024-3552 is a vulnerability in Web Directory Free, classified under CWE-89 SQL INJECTION. Published 2024-06-13.
Is CVE-2024-3552 known to be exploited?: 32 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.