CVE-2024-50420: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2024-50420) affects the WordPress aDirectory plugin versions up to 1.3. It is classified as an Unrestricted Upload of File with Dangerous Type vulnerability that allows attackers to upload a web shell to a web server. The vulnerability was discovered by researcher stealthcopter and was publicly disclosed on October 24, 2024 (Patchstack).

The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). It has received a Critical CVSS v3.1 base score of 10.0, with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, indicating network accessibility, low attack complexity, no privileges required, and high impact on confidentiality, integrity, and availability (Patchstack).

This vulnerability is considered highly dangerous and is expected to become mass exploited. It allows malicious actors to upload any type of file to the website, including backdoors which can be executed to gain further access to the website (Patchstack).

Users are advised to update to version 1.3.1 or later of the aDirectory plugin to resolve this vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until users can update to a fixed version (Patchstack).