Platform
wordpress
Component
noveldesign-store-directory
Fixed in
4.3.1
CVE-2024-51788 is an Arbitrary File Access vulnerability affecting The Novel Design Store Directory. Attackers can exploit this flaw to upload malicious files, including web shells, granting them unauthorized control over the web server. This vulnerability impacts versions of The Novel Design Store Directory up to and including 4.3.0. A patch is available in version 4.3.1.
The primary impact of CVE-2024-51788 is the ability for an attacker to upload a web shell to the server. A web shell is a malicious script that allows an attacker to execute arbitrary commands on the server as if they were a legitimate administrator. This can lead to complete server compromise, including data exfiltration, modification, or deletion. The attacker could also use the compromised server as a launchpad for further attacks against other systems on the network, achieving lateral movement. The blast radius extends beyond the affected directory, potentially impacting any data or services hosted on the same server. The unrestricted file upload nature of this vulnerability makes it particularly dangerous, as it bypasses typical security controls designed to prevent malicious file uploads.
CVE-2024-51788 was published on November 11, 2024. Its critical CVSS score (10) indicates a high probability of exploitation. While no public Proof-of-Concept (POC) exploits have been widely reported, the ease of exploiting arbitrary file upload vulnerabilities suggests that it could become a target for automated scanning and exploitation. The vulnerability's presence on the NVD (National Vulnerability Database) increases the likelihood of exploitation attempts. EPSS score is likely to be high, reflecting the severity and potential for widespread exploitation.
Exploit Status
EPSS
29.62% (97% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-51788 is to immediately upgrade to version 4.3.1 of The Novel Design Store Directory. If upgrading is not immediately feasible, consider implementing temporary workarounds. These may include restricting file upload types to only explicitly allowed extensions, implementing stricter file size limits, and enabling server-side validation of uploaded files. Web Application Firewalls (WAFs) can be configured with rules to block suspicious file uploads and detect web shell activity. Monitor server logs for unusual file activity or command execution attempts. After upgrading, confirm the vulnerability is resolved by attempting to upload a test file with a known dangerous extension (e.g., .php) and verifying that the upload is rejected.
Actualice el plugin The Novel Design Store Directory a la última versión disponible. La vulnerabilidad permite la subida de archivos arbitrarios, lo que podría comprometer la seguridad del sitio web. La actualización corrige esta vulnerabilidad.
Vulnerability analysis and critical alerts directly to your inbox.
It's a critical Arbitrary File Access vulnerability in The Novel Design Store Directory allowing attackers to upload malicious files, potentially gaining full server control.
If you are using The Novel Design Store Directory versions 4.3.0 or earlier, you are vulnerable to this exploit.
Upgrade to version 4.3.1 immediately. If upgrading isn't possible, implement temporary workarounds like restricting file types and sizes.
While no widespread exploitation is currently reported, the vulnerability's severity and ease of exploitation make it a likely target.
Refer to the National Vulnerability Database (NVD) entry for CVE-2024-51788 and the vendor's security advisory for further details.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.