CVE-2024-50494: 
WordPress vulnerability analysis and mitigation

The Sudan Payment Gateway for WooCommerce plugin versions through 1.2.2 contains an Unrestricted Upload of File with Dangerous Type vulnerability. This security flaw was discovered on October 16, 2024, and publicly disclosed on October 25, 2024. The vulnerability affects the Amin Omer Sudan Payment Gateway for WooCommerce plugin and allows attackers to upload a web shell to the web server (Patchstack).

The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). It has received a Critical CVSS v3.1 base score of 10.0, with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. This indicates that the vulnerability requires no privileges (unauthenticated), no user interaction, and can be exploited remotely with low attack complexity (Patchstack).

The vulnerability is considered highly dangerous and is expected to become mass exploited. It allows malicious actors to upload any type of file to the affected website, including backdoors which can then be executed to gain further access to the website. The high CVSS score of 10.0 indicates maximum impact on confidentiality, integrity, and availability of the system (Patchstack).

Currently, there is no official fix available for this vulnerability. However, Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until an official fix becomes available. Website administrators are advised to mitigate or resolve the vulnerability immediately (Patchstack).