CVE-2024-27971: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in Premmerce Premmerce Permalink Manager for WooCommerce
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce woo-permalink-manager.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through <= 2.3.10.
AI Analysis
Technical Summary
CVE-2024-27971 is a remote file inclusion vulnerability in Premmerce Permalink Manager for WooCommerce (<= 2.3.10) caused by improper control of filenames in PHP include/require statements. This allows attackers to supply a crafted filename that can lead to the inclusion and execution of remote malicious code. The vulnerability has a CVSS 3.1 base score of 8.3 (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H), reflecting high impact on confidentiality, integrity, and availability. No patch or vendor advisory details are currently available, and no exploits are known in the wild. The issue affects the plugin in self-hosted WordPress environments and is not related to cloud services.
Potential Impact
Successful exploitation of this vulnerability can lead to remote code execution on the affected system, resulting in complete compromise of the web server hosting the Premmerce Permalink Manager for WooCommerce plugin. This includes full control over confidentiality, integrity, and availability of the affected system. The high CVSS score reflects the critical nature of this impact. No known active exploitation has been reported to date.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider disabling or removing the Premmerce Permalink Manager for WooCommerce plugin if possible, or restrict access to the affected functionality to trusted users only. Monitor official Premmerce channels for updates and apply patches promptly once available.
CVE-2024-27971: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in Premmerce Premmerce Permalink Manager for WooCommerce
Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce woo-permalink-manager.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through <= 2.3.10.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-27971 is a remote file inclusion vulnerability in Premmerce Permalink Manager for WooCommerce (<= 2.3.10) caused by improper control of filenames in PHP include/require statements. This allows attackers to supply a crafted filename that can lead to the inclusion and execution of remote malicious code. The vulnerability has a CVSS 3.1 base score of 8.3 (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H), reflecting high impact on confidentiality, integrity, and availability. No patch or vendor advisory details are currently available, and no exploits are known in the wild. The issue affects the plugin in self-hosted WordPress environments and is not related to cloud services.
Potential Impact
Successful exploitation of this vulnerability can lead to remote code execution on the affected system, resulting in complete compromise of the web server hosting the Premmerce Permalink Manager for WooCommerce plugin. This includes full control over confidentiality, integrity, and availability of the affected system. The high CVSS score reflects the critical nature of this impact. No known active exploitation has been reported to date.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider disabling or removing the Premmerce Permalink Manager for WooCommerce plugin if possible, or restrict access to the affected functionality to trusted users only. Monitor official Premmerce channels for updates and apply patches promptly once available.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Patchstack
- Date Reserved
- 2024-02-28T16:46:55.227Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 69cd7416e6bfc5ba1def51f7
Added to database: 4/1/2026, 7:37:58 PM
Last enriched: 5/12/2026, 5:18:58 AM
Last updated: 5/21/2026, 11:56:33 AM
Views: 26
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.