Unrestricted Upload of File with Dangerous Type vulnerability
CVE-2024-49329

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: WP Rest Api Fns
Vendor: CVE Published:; 20 October 2024

Summary

The WP REST API FNS plugin by Vivek Tamrakar contains a vulnerability that allows for the unrestricted upload of files, potentially permitting attackers to upload a web shell to the web server. This flaw affects versions from n/a to 1.0.0, creating significant security concerns as it can be exploited by malicious users to execute arbitrary code, thereby compromising the integrity and security of the server.

Affected Version(s)

WP REST API FNS <= 1.0.0

References

https://patchstack.com/database/vulnerability/rest-api-fn...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 20, 2024
Vulnerability Reserved
Oct 14, 2024

Credit

stealthcopter (Patchstack Alliance)