

Bitter APT Targeting Pakistan – Active IOCs
November 7, 2024
New SteelFox Malware Uses Weak Driver to Take Over Windows Computers – Active IOCs
November 7, 2024
Severity
High
Analysis Summary
CVE-2024-50527 CVSS:10
Unrestricted Upload of File with Dangerous Type vulnerability in Stacks Stacks Mobile App Builder allows an attacker to upload a web shell to a web server.
CVE-2024-50529 CVSS:9.9
Unrestricted Upload of File with Dangerous Type vulnerability in Rudra Innnovative Software Training – Courses allows an attacker to upload a web shell to a web server.
CVE-2024-50530 CVSS:9.9
Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Stars SMTP Mailer allows an attacker to upload a web shell to a web server.
CVE-2024-50531 CVSS:10
Unrestricted Upload of File with Dangerous Type vulnerability in David F. Carr RSVPMaker for Toastmasters allows an attacker to upload a web shell to a web server.
CVE-2024-51582 CVSS:7.5
Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking allows PHP Local File Inclusion.
CVE-2024-51661 CVSS:9.1
Media Library Assistant plugin for WordPress could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an OS command injection vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary OS commands on the system.
Impact
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-50527
- CVE-2024-50529
- CVE-2024-50530
- CVE-2024-50531
- CVE-2024-51582
- CVE-2024-51661
Affected Vendors
Affected Products
- Stacks Stacks Mobile App Builder - n/a
- Rudra Innnovative Software Training – Courses - n/a
- Myriad Solutionz Stars SMTP Mailer - n/a
- David F. Carr RSVPMaker for Toastmasters - n/a
- ThimPress WP Hotel Booking - n/a
- Media Library Assistant plugin for WordPress 3.19
Remediation
Upgrade to the latest version, available from the WordPress Plugin Directory.