Cyber Posture

CVE-2024-56249

Critical

Published: 02 January 2025
Modified: 23 April 2026
KEV Added: not listed
Patch:
CVSS Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.4159 (97.4th percentile)
Risk Priority: 43 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-56249 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Web Shell (T1505.003). The CVE ranks in the top 2.6% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Web Shell (T1505.003). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

Directly mitigates the CVE by requiring timely patching of the vulnerable WPMasterToolKit plugin to remediate the unrestricted file upload flaw.

SI-10 Information Input Validation (prevent)

Enforces validation of file upload inputs to block dangerous types like web shells, addressing the core CWE-434 vulnerability in the plugin.

SI-3 Malicious Code Protection (prevent, detect)

Deploys malicious code protection mechanisms to scan for and prevent execution of web shells uploaded through the plugin's vulnerability.
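The SI-10 control above is abstract; the following is an added example (not WPMasterToolKit code and not from Patchstack or NVD) of what input validation for a WordPress plugin upload endpoint looks like when it is written to defeat CWE-434. The function and form-field names (example_handle_upload, example_file, the nonce action) are assumptions for this illustration; the WordPress core functions it calls (current_user_can, check_admin_referer, wp_check_filetype_and_ext, wp_handle_upload, wp_generate_uuid4) are real.

```php
<?php
/**
 * Added example: a hardened upload handler for a WordPress plugin,
 * demonstrating the SI-10 input-validation control against CWE-434.
 * Function, field and nonce names are assumptions chosen for this example.
 */

// Explicit allowlist of what this feature legitimately needs. Anything else,
// including .php/.phtml/.phar, .htaccess and double extensions such as
// shell.php.png, fails the allowlist rather than needing a denylist entry.
const EXAMPLE_ALLOWED_MIMES = array(
    'png'      => 'image/png',
    'jpg|jpeg' => 'image/jpeg',
    'pdf'      => 'application/pdf',
);

function example_handle_upload() {
    // 1. Authorisation: a capability check, not merely "is logged in".
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 2. CSRF protection: the admin form must carry a valid nonce.
    check_admin_referer( 'example_upload_action', 'example_upload_nonce' );

    if ( empty( $_FILES['example_file'] ) || ! is_uploaded_file( $_FILES['example_file']['tmp_name'] ) ) {
        wp_die( 'No file received.', '', array( 'response' => 400 ) );
    }
    $file = $_FILES['example_file'];

    // 3. Validate extension and content together against the allowlist.
    //    For images WordPress also inspects the real file contents, so a
    //    PHP script renamed to .png is rejected rather than passed through.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], EXAMPLE_ALLOWED_MIMES );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_die( 'File type not allowed.', '', array( 'response' => 415 ) );
    }

    // 4. Never store under the client-supplied name: generate a random one
    //    and append only the extension that passed validation.
    $file['name'] = wp_generate_uuid4() . '.' . $check['ext'];

    // 5. Let core move the file into the uploads directory with the same
    //    allowlist enforced a second time. 'test_form' => false because this
    //    is a plugin form, not the media-library upload form.
    $result = wp_handle_upload(
        $file,
        array( 'test_form' => false, 'mimes' => EXAMPLE_ALLOWED_MIMES )
    );
    if ( isset( $result['error'] ) ) {
        wp_die( esc_html( $result['error'] ), '', array( 'response' => 400 ) );
    }

    // $result holds 'file' (path), 'url' and 'type' for the stored object.
    return $result;
}
```

Two points worth noting for this particular CVE. Because its vector is PR:H, the capability check in step 1 does not by itself close the issue (the attacker already holds administrator-level privileges); the allowlist in steps 3 and 5 is what stops a web shell from being stored as an executable file. And because the upload handler may be the one thing an attacker controls, a defender should pair this with the SI-3 control: monitor the uploads directory for newly created PHP files and, where the hosting stack allows it, configure the web server so that nothing under wp-content/uploads is executed as PHP.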

MITRE ATT&CK Enterprise Techniques

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Unrestricted file upload (CWE-434) explicitly enables direct deployment of web shells to the web server.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Unrestricted Upload of File with Dangerous Type vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Upload a Web Shell to a Web Server. This issue affects WPMasterToolKit: from n/a through <= 1.13.1.

Deeper analysis

CVE-2024-56249 is an Unrestricted Upload of File with Dangerous Type vulnerability (CWE-434) in the WPMasterToolKit WordPress plugin developed by Ludwig You. This flaw affects all versions of the wpmastertoolkit plugin from n/a through 1.13.1 and enables attackers to upload a web shell directly to the web server.

The vulnerability has a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating exploitation over the network with low complexity but requiring high privileges, such as administrator access. An authenticated attacker with sufficient permissions can upload malicious files like web shells, achieving high impacts on confidentiality, integrity, and availability while changing scope to potentially compromise the broader server environment.

Patchstack's advisory at https://patchstack.com/database/Wordpress/Plugin/wpmastertoolkit/vulnerability/wordpress-wpmastertoolkit-plugin-1-13-1-arbitrary-file-upload-vulnerability?_s_id=cve documents this arbitrary file upload issue in WPMasterToolKit version 1.13.1, providing details for security practitioners to assess and address exposure in affected WordPress installations.

Details

CWE(s): CWE-434 Unrestricted Upload of File with Dangerous Type

CVEs Like This One

CVE-2024-56264 (shared CWE-434)
CVE-2026-4808 (shared CWE-434)
CVE-2026-22241 (shared CWE-434)
CVE-2025-23942 (shared CWE-434)
CVE-2024-55417 (shared CWE-434)
CVE-2020-36942 (shared CWE-434)
CVE-2024-57169 (shared CWE-434)
CVE-2023-53933 (shared CWE-434)
CVE-2025-68909 (shared CWE-434)
CVE-2021-47757 (shared CWE-434)

References