This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Root Cause**: **CWE-434** (Unrestricted Upload of File with Dangerous Type). **Flaw**: Missing file type validation in the upload mechanism. The plugin accepts ANY file extension without checking whether it is safe.
Q3 Who is affected? (Versions/Components)
**Affected**: WordPress plugin **Automatic Translation**. **Versions**: **1.0.4 and earlier**. **Vendor**: masterhomepage. **Platform**: WordPress sites running this specific plugin.
Q4 What can hackers do? (Privileges/Data)
**Attacker Actions**: Upload arbitrary files (PHP shells, scripts). **Privileges**: None; the upload is reachable **unauthenticated**. **Impact**: Full control over the server.…
**Threshold**: **VERY LOW**. **Auth**: **None required** (Unauthenticated). **Complexity**: Low (AC:L). A simple HTTP POST request is enough. No user interaction required (UI:N).
Q6 Is there a public exploit? (PoC/Wild Exploitation)
**Exploit**: **YES**, public PoC available. **Source**: GitHub (RandomRobbieBF/CVE-2024-50493). **Details**: Curl command provided for arbitrary file upload. Wild exploitation is highly likely due to ease of use.
Q7 How to self-check? (Features/Scanning)
**Self-Check**: Scan for the 'Automatic Translation' plugin at version <= 1.0.4. **Test**: Attempt to upload a `.php` file via the plugin's upload interface. **Tools**: Use vulnerability scanners (e.g., Patchstack, WPScan…
**Fix**: Update the plugin to **version 1.0.5 or later** (implied by '1.0.4 and earlier' being vulnerable). **Action**: Check the WordPress dashboard for updates.…
**Workaround**: **Disable or Delete** the 'Automatic Translation' plugin if no update is available. **Mitigation**: Block the plugin's upload endpoints via a WAF (Web Application Firewall) if possible. **Hardening**: Restrict fil…
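The validation the root cause in Q1 says is missing, and the hardening this section calls for, shown in a WordPress upload handler. This is an added example, not code from the Automatic Translation plugin; the hook name, nonce action and the allowed-type list are assumptions.

```php
<?php
// Added example, not code from the Automatic Translation plugin. The hook name,
// nonce action and allowed types are assumptions made for this illustration.

// Registered for logged-in users only. Deliberately NO 'wp_ajax_nopriv_' twin:
// the endpoint must never be reachable without authentication.
add_action( 'wp_ajax_example_translation_upload', 'example_translation_upload' );

function example_translation_upload() {
    // 1. Authorization: a capability check plus a nonce against CSRF.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    check_ajax_referer( 'example_translation_upload', 'nonce' );

    if ( empty( $_FILES['file'] ) || ! is_uploaded_file( $_FILES['file']['tmp_name'] ) ) {
        wp_send_json_error( 'no file uploaded', 400 );
    }

    // 2. Allow-list only what the feature needs (assumed here: plain-text and
    //    CSV translation tables). A deny-list of "bad" extensions is the wrong model.
    $allowed = array(
        'txt' => 'text/plain',
        'csv' => 'text/csv',
    );

    // 3. Check the extension and the sniffed content together. Core returns an
    //    empty 'ext'/'type' when the extension is not in the list or the detected
    //    MIME type contradicts it, so content that is not really plain text is
    //    refused whatever name it carries.
    $check = wp_check_filetype_and_ext(
        $_FILES['file']['tmp_name'], $_FILES['file']['name'], $allowed
    );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'file type not allowed', 415 );
    }
    $_FILES['file']['name'] = sanitize_file_name( $_FILES['file']['name'] );

    // 4. Let core move the file into uploads/; passing the same 'mimes'
    //    override makes wp_handle_upload() enforce the allow-list again.
    $result = wp_handle_upload(
        $_FILES['file'], array( 'test_form' => false, 'mimes' => $allowed )
    );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }
    wp_send_json_success( array( 'file' => basename( $result['file'] ) ) );
}
```

The same allow-list can be mirrored in the WAF rule this section suggests, so a file rejected by the application is also rejected at the edge.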
**Priority**: **CRITICAL / IMMEDIATE**. **Urgency**: High. CVSS 9.8 + Unauthenticated + Public PoC = Active Threat. **Action**: Patch or disable **TODAY**. Do not wait for scheduled maintenance.