CVE-2024-50523

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 4, 2024
Updated: Nov 6, 2024
CWE ID 434

Summary

CVE-2024-50523 is an unrestricted file upload vulnerability (CWE-434) affecting the All Post Contact Form plugin used by RainbowLink Inc. It allows an attacker to upload a web shell to the web server. The vulnerability is present in versions 1.0 through 1.7.3 and enables attackers to gain unauthorized access and potentially take control of the affected system. Consequences include data theft and unauthorized modification of website content. Users should update the All Post Contact Form plugin to a patched version to mitigate the risk.
