CVE-2024-13725
Keap Official Opt-in Forms <= 2.0.1 - Unauthenticated Limited Local File InclusionThe Keap Official Opt-in Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.1 via the service parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. If register_argc_argv is enabled on the server and pearcmd.php is installed, this issue might lead to Remote Code Execution.
We have discovered 774 live websites that are affected by CVE-2024-13725.
Affected Software
| Product |  Infusionsoft Official Opt In Forms |
| Category | Wordpress Plugins |
| Vulnerable Domains | 774 live websites (100% of Infusionsoft Official Opt In Forms install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Common Weakness Enumeration
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')Details
- Published - Feb 18, 2025
- Updated - Feb 18, 2025
Credits
- Hiroho Shimada (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-13725 United States | 601 websites |
 GB | 50 websites |
 Canada | 28 websites |
 Australia | 27 websites |
 Germany | 12 websites |
 Italy | 7 websites |
 Bulgaria | 5 websites |
 Brazil | 5 websites |
 Singapore | 5 websites |
Website Distribution by TLD
Number of websites using CVE-2024-13725| .com | 601 websites |
| .co.uk | 34 websites |
| .org | 30 websites |
| .com.au | 27 websites |
| .net | 22 websites |
| .ca | 11 websites |
| .it | 8 websites |
| .com.br | 5 websites |
| .ch | 2 websites |
| .es | 2 websites |
Websites affected by CVE-2024-13725
Top websites that are affected by CVE-2024-13725. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.com | United States | **,*** | |
| **************.com | United States | ***,*** | |
| *********************.com | United States | ***,*** | |
| *********.com | United States | ***,*** | |
| ***********.com | United States | ***,*** | |
| *********************.org | United States | ***,*** | |
| *************.com | United States | ***,*** | |
| **************.org | United States | ***,*** | |
| **************.com | United States | ***,*** | |
| **********.com | United States | ***,*** |
FAQ
CVE-2024-13725 is Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Infusionsoft Official Opt In Forms
A total of 774 websites have been identified as vulnerable to CVE-2024-13725, based on global website indexing conducted by WebTechSurvey.
The Infusionsoft Official Opt In Forms is affected by the CVE-2024-13725 vulnerability.
Infusionsoft Official Opt In Forms versions up to and including 2.0.1 are vulnerable to CVE-2024-13725.