Unrestricted Upload of File with Dangerous Type Vulnerability
CVE-2024-52476

10CRITICAL

Key Information:

Vendor

WordPress

Vendor
CVE Published:
2 December 2024

What is CVE-2024-52476?

The vulnerability identified allows for unrestricted file uploads in the Fediverse Embeds plugin created by Stefan Bohacek. This flaw enables attackers to upload files of dangerous types, potentially leading to the deployment of a web shell on the server. As a result, this vulnerability could provide unauthorized access and control over affected systems. The issue impacts versions from n/a through 1.5.3. Users of the Fediverse Embeds plugin should prioritize mitigation measures and consider updating to secure versions.

Affected Version(s)

Fediverse Embeds 0 <= 1.5.3

References

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

stealthcopter (Patchstack Alliance)
.