CVE-2024-52384 — CRITICAL (CVSS 9.9) AI Security Vulnerability

CISO Take

Any WordPress site running the Sage AI plugin ≤2.4.9 is critically exposed: a low-privilege account is all it takes to upload a PHP web shell and own the server. Patch immediately, rotate all OpenAI API keys stored in that WordPress instance, and audit wp-content/uploads for existing shells. Treat this as a confirmed breach until proven otherwise.

Risk Assessment

CVSS 9.9 with Scope:Changed signals this is more dangerous than a typical plugin flaw — exploitation is trivially easy (low privilege, no user interaction, network-accessible) and impact cascades beyond WordPress to the entire hosting environment. AI-integrated WordPress sites are particularly high-value targets: they store OpenAI API keys, DALL-E credentials, and often handle user-submitted prompts, making them attractive for API key theft and cost-harvesting campaigns. No active KEV listing yet, but the low barrier to exploitation makes weaponization highly likely.

Severity & Risk

CVSS 3.1

9.9 / 10

EPSS

0.9%

chance of exploitation in 30 days

Higher than 76% of all CVEs

Source: EPSS v3 — FIRST.org

Exploitation Status

No known exploitation

Sophistication

Trivial

Attack Surface

AV Network

AC Low

PR Low

UI None

S Changed

C High

I High

A High

Recommended Action

6 steps

PATCH

Update Sage AI plugin to the latest version immediately (2.4.10+). If patching is not immediately possible, deactivate the plugin.
ROTATE

Invalidate and regenerate all OpenAI API keys associated with the affected WordPress installation via the OpenAI dashboard.
AUDIT

Scan wp-content/uploads and all writable directories for .php files — any PHP file in these paths is a likely web shell. Use tools like NinjaScanner or manual find commands.
HARDEN

Add 'php_flag engine off' to wp-content/uploads/.htaccess to block PHP execution in upload directories regardless of patch status.
RESTRICT

Limit file upload permissions to admin roles only in WordPress user management.
MONITOR

Alert on creation of executable files in web-accessible directories via file integrity monitoring (Wordfence, Sucuri, or auditd on the host).

CISA SSVC Assessment

Decision Track

Exploitation none

Automatable No

Technical Impact total

Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.

Classification

Code Execution Data Extraction Auth Bypass Plugin API AML.T0034 - Cost Harvesting AML.T0040 - AI Model Inference API Access AML.T0049 - Exploit Public-Facing Application AML.T0055 - Unsecured Credentials AML.T0072 - Reverse Shell

Compliance Impact

This CVE is relevant to:

EU AI Act

Art. 9 - Risk Management System

ISO 42001

A.6.2 - Information Security for AI Systems

NIST AI RMF

GOVERN-1.7 - Third-Party AI Component Risk Management MANAGE-2.2 - Risk Treatment and Incident Response

OWASP LLM Top 10

LLM07 - Insecure Plugin Design

Frequently Asked Questions

What is CVE-2024-52384?

Any WordPress site running the Sage AI plugin ≤2.4.9 is critically exposed: a low-privilege account is all it takes to upload a PHP web shell and own the server. Patch immediately, rotate all OpenAI API keys stored in that WordPress instance, and audit wp-content/uploads for existing shells. Treat this as a confirmed breach until proven otherwise.

Is CVE-2024-52384 actively exploited?

No confirmed active exploitation of CVE-2024-52384 has been reported, but organizations should still patch proactively.

How to fix CVE-2024-52384?

1. PATCH: Update Sage AI plugin to the latest version immediately (2.4.10+). If patching is not immediately possible, deactivate the plugin. 2. ROTATE: Invalidate and regenerate all OpenAI API keys associated with the affected WordPress installation via the OpenAI dashboard. 3. AUDIT: Scan wp-content/uploads and all writable directories for .php files — any PHP file in these paths is a likely web shell. Use tools like NinjaScanner or manual find commands. 4. HARDEN: Add 'php_flag engine off' to wp-content/uploads/.htaccess to block PHP execution in upload directories regardless of patch status. 5. RESTRICT: Limit file upload permissions to admin roles only in WordPress user management. 6. MONITOR: Alert on creation of executable files in web-accessible directories via file integrity monitoring (Wordfence, Sucuri, or auditd on the host).

What systems are affected by CVE-2024-52384?

This vulnerability affects the following AI/ML architecture patterns: WordPress AI chatbot deployments, LLM API integration plugins, AI content generation platforms, OpenAI-integrated web applications.

What is the CVSS score for CVE-2024-52384?

CVE-2024-52384 has a CVSS v3.1 base score of 9.9 (CRITICAL). The EPSS exploitation probability is 0.89%.

Technical Details

NVD Description

Unrestricted Upload of File with Dangerous Type vulnerability in Sage AI Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation allows Upload a Web Shell to a Web Server.This issue affects Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation: from n/a through 2.4.9.

Exploitation Scenario

An adversary identifies a WordPress site using the Sage AI plugin via WPScan or passive reconnaissance on plugin footprints. They register as a subscriber (or use a previously compromised low-privilege account). Using the plugin's file upload endpoint — intended for AI-related media assets — the attacker submits a crafted multipart POST request with a PHP web shell named with a double extension or MIME type bypass (e.g., shell.php.jpg). The plugin stores the file in a web-accessible uploads directory without validating the actual file content. The attacker then browses directly to the uploaded shell URL and executes arbitrary OS commands, extracting wp-config.php and the full database dump. OpenAI API keys are harvested and immediately used for bulk GPT-4 content generation or sold, while the compromised server may be enrolled in a botnet or used as a staging point for lateral movement.