CVE-2024-49652 — AI Deep Analysis Summary

🚨 **Essence**: A critical **Arbitrary File Upload** flaw in the '3D Work In Progress' WordPress plugin.…

🛡️ **Root Cause**: **CWE-434** (Unrestricted Upload of File with Dangerous Type).…

📦 **Affected**: WordPress Plugin **3D Work In Progress**. <br>📉 **Version**: **1.0.3** and all earlier versions. <br>👤 **Vendor**: Renata Bracichowicz.

🕵️ **Attacker Actions**: Gain **Remote Code Execution (RCE)**. <br>📂 **Data Access**: Full read/write access to server files, database, and potentially sensitive user data.…

⚡ **Threshold**: **Low**. <br>🔑 **Auth**: Requires **Low Privileges** (PR:L) according to CVSS. <br>🖱️ **UI**: No User Interaction (UI:N) needed. <br>🌐 **Network**: Network Accessible (AV:N).

📜 **Exploit Status**: **Publicly Disclosed**. <br>🔗 **Sources**: Patchstack database lists the vulnerability.…

🔍 **Self-Check**: Scan for the plugin name **'3D Work In Progress'**. <br>📊 **Version Check**: Verify if installed version is **≤ 1.0.3**.…

🛠️ **Fix Status**: **Yes**, a fix is implied by the CVE publication. <br>🔄 **Action**: Update the plugin to the latest version immediately.…

🚧 **Workaround**: If patching is delayed, **disable the plugin** entirely. <br>🚫 **Access Control**: Restrict file upload permissions in `wp-config.php` or server config.…

🔥 **Urgency**: **CRITICAL**. <br>📈 **Priority**: **P1**. <br>🚀 **Reason**: CVSS Score indicates High Impact (H) on Confidentiality, Integrity, and Availability.…