CVE-2024-9193

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 28, 2025
CWE ID 98

Summary

CVE-2024-9193 is a Local File Inclusion vulnerability affecting the WHMpress - WHMCS WordPress Integration Plugin used in WordPress sites. Versions up to and including 6.3 have been identified as vulnerable. Unauthenticated attackers can exploit this issue through the 'whmpress_domain_search_ajax_extended_results()' function, allowing them to include and execute arbitrary files on the server. This can result in bypassing access controls, data theft, or code execution, particularly when "safe" file types like images can be uploaded and included. Attackers can also utilize the /admin/services.php file to update arbitrary options on the site, potentially granting administrative user access by changing the default role for registration to administrator and enabling user registration.
