CVE-2024-52429

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 18, 2024
Updated: Nov 20, 2024
CWE ID 434

Summary

CVE-2024-52429 is a new vulnerability affecting Anton Hoelstad's WP Quick Setup plugin. Hackers can exploit this Unrestricted File Upload vulnerability to upload a web shell to a web server, gaining unauthorized access and control. This issue puts all versions of WP Quick Setup from n/a to 2.0 at risk. Successful exploitation could lead to serious security consequences, including data theft, website defacement, or even complete site takeover. Users are urged to update their plugins as soon as a patch becomes available.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share