AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2024-49326: Unrestricted Upload of File with Dangerous Type vulnerability in Vasilis Kerasiotis Affiliator allows Upload a Web Shell

criticalvulnerability

security

Source: NVD/CVE DatabaseOctober 20, 2024CVE-2024-49326

Summary

A vulnerability in Affiliator (a WordPress plugin) version 2.1.3 and earlier allows attackers to upload dangerous file types, specifically web shells (malicious scripts that give attackers control of a server). This happens because the plugin does not properly restrict what kinds of files users can upload.

Vulnerability Details

CVSS Score

10(critical)

EPSS (30-day exploit probability)

EPSS: 0.4%

Classification

Attack SophisticationTrivial

Taxonomy References

CWE (Weakness Type)

CWE-434

CAPEC (Attack Pattern)

CAPEC-1

Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-49326

First tracked: February 15, 2026 at 08:42 PM

Classified by LLM (prompt v3) · confidence: 95%