Vulnerability in Web Directory Free
CVE-2024-3673
The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues.
EPSS: 0.922 (99.7th percentile)
Affected products
- Unknown Web Directory Free — versions 0
References
- wpscan.com/vulnerability/0e8930cb-e176-4406-a43f-a6032471debf/ (exploit, vdb-entry, technical-description)
Frequently asked questions
- What is CVE-2024-3673?
  CVE-2024-3673 is a vulnerability in Web Directory Free, classified under CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Published 2024-08-30.
- Is CVE-2024-3673 known to be exploited?
  7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.