CVE-2024-33629

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published Apr 29, 2024

CWE ID 918

Summary

CVE-2024-33629 is a newly identified Server-Side Request Forgery (SSRF) vulnerability affecting the Creative Motion Auto Featured Image (Auto Post Thumbnail) plugin, versions n/a through 4.0.0. Maliciously crafted requests can trick the server into loading arbitrary content, potentially leading to unauthorized data access or server misconfiguration. This poses a significant risk to WordPress sites using the vulnerable plugin, necessitating immediate patching to mitigate potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vmeW4S
https://www.cve.org/CVERecord?id=CVE-2024-33629
https://nvd.nist.gov/vuln/detail/CVE-2024-33629

Back to Vulnerability Database

CVE-2024-33629

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations