Unrestricted Upload of File with Dangerous Type vulnerability Affects Push Notifications for WordPress by PushAssist
CVE-2024-52408

9.9CRITICAL

Key Information:

Vendor: Wordpress
Status: Push Notifications For WordPress By Pushassist
Vendor: CVE Published:; 16 November 2024

Summary

The vulnerability in Push Notifications for WordPress by PushAssist manifests as an unrestricted upload of files with dangerous types, allowing attackers to upload malicious files, such as web shells, to a web server. This poses significant security risks as it could lead to unauthorized access and control of the hosting environment. The issue impacts all versions from n/a through 3.0.8, necessitating immediate attention to secure the application against potential exploits.

Affected Version(s)

Push Notifications for WordPress by PushAssist <= 3.0.8

References

https://patchstack.com/database/vulnerability/push-notifi...

vdb-entry

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 16, 2024
Vulnerability Reserved
Nov 11, 2024

Credit

stealthcopter (Patchstack Alliance)