Goal Reached Thanks to every supporter β€” we hit 100%!

Goal: 1000 CNY Β· Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-51793 β€” AI Deep Analysis Summary

CVSS 10.0 Β· Critical

Q1What is this vulnerability? (Essence + Consequences)

🚨 **Essence**: Critical Arbitrary File Upload in WordPress plugin 'Computer Repair Shop'. πŸ’₯ **Consequences**: Attackers upload malicious files (e.g., Webshells) β†’ Remote Code Execution (RCE) β†’ Full Server Compromise.…
Read full answer (login)

Q2Root Cause? (CWE/Flaw)

πŸ” **Root Cause**: CWE-434: Unrestricted Upload of File with Dangerous Type. ⚠️ **Flaw**: Missing file type validation in the upload mechanism. No checks on what files are accepted.

Q3Who is affected? (Versions/Components)

πŸ“¦ **Affected Product**: RepairBuddy (Computer Repair Shop) WordPress Plugin. πŸ‘€ **Vendor**: Ateeq Rafeeq (Webful Creations). πŸ“‰ **Versions**: All versions **≀ 3.8115**.

Q4What can hackers do? (Privileges/Data)

πŸ•΅οΈ **Attacker Actions**: Upload PHP Webshells or arbitrary scripts. πŸ”“ **Privileges**: Unauthenticated access (No login needed). πŸ’Ύ **Data Impact**: Full RCE.…
Read full answer (login)

Q5Is exploitation threshold high? (Auth/Config)

πŸ“‰ **Threshold**: **VERY LOW**. πŸ”‘ **Auth**: None required (Unauthenticated). βš™οΈ **Config**: Exploitable via standard `admin-ajax.php` endpoint. Easy to trigger.

Q6Is there a public Exp? (PoC/Wild Exploitation)

πŸ”₯ **Public Exploits**: **YES**. πŸ“‚ **PoCs**: Multiple GitHub repos exist (e.g., Nxploited, KTN1990, 0axz-tools, JoshuaProvoste). πŸ’£ **Status**: 0-click RCE exploits available. Wild exploitation risk is HIGH.

Q7How to self-check? (Features/Scanning)

πŸ”Ž **Self-Check**: Scan for 'Computer Repair Shop' or 'RepairBuddy' plugin. πŸ“Š **Version Check**: Verify installed version is **< 3.8116**. πŸ› οΈ **Tools**: Use WPScan or manual directory listing to detect plugin presence.

Q8Is it fixed officially? (Patch/Mitigation)

πŸ›‘οΈ **Official Fix**: **YES**. πŸ“ **Patch**: Update plugin to version **3.8116** or later. βœ… **Action**: Immediate upgrade recommended by vendor/security advisories.

Q9What if no patch? (Workaround)

🚧 **No Patch Workaround**: 1. **Disable Plugin**: Deactivate 'Computer Repair Shop' immediately. 2. **WAF Rules**: Block uploads to `admin-ajax.php` with PHP extensions. 3.…
Read full answer (login)

Q10Is it urgent? (Priority Suggestion)

πŸ”΄ **Urgency**: **CRITICAL / IMMEDIATE**. ⏱️ **Priority**: P1. πŸ’‘ **Reason**: Unauthenticated RCE + Public Exploits = Active Threat. Patch NOW or disable plugin.

Continue exploring

Vulnerability detail Full AI analysis (login) Ateeq Rafeeq CWE-434