Cyber Resilience

CVE-2024-56249

Critical

Published: 02 January 2025

Published
02 January 2025
Modified
23 April 2026
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.4816 97.8th percentile
Risk Priority 47 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-56249 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Web Shell (T1505.003); ranked in the top 2.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability CVE-2024-56249 is an unrestricted upload of a file with dangerous type (CWE-434) in the WPMasterToolKit WordPress plugin. It affects all versions through 1.13.1 and allows an attacker to upload files such as web shells directly to the server.

An authenticated user with high privileges can exploit the flaw over the network with low attack complexity and no user interaction required. Successful exploitation grants code execution that impacts confidentiality, integrity, and availability on the affected server, consistent with the CVSS 9.1 rating that includes a changed scope.

The vulnerability is documented in the Patchstack database entry for the WPMasterToolKit plugin, which identifies the arbitrary file upload issue in versions up to 1.13.1. The current EPSS score stands at 0.4816.

EU & UK References

Vulnerability details

Unrestricted Upload of File with Dangerous Type vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Upload a Web Shell to a Web Server.This issue affects WPMasterToolKit: from n/a through <= 1.13.1.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Unrestricted file upload (CWE-434) explicitly enables direct deployment of web shells to the web server.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-22241Shared CWE-434
CVE-2025-23942Shared CWE-434
CVE-2026-4808Shared CWE-434
CVE-2024-56264Shared CWE-434
CVE-2021-35485Shared CWE-434
CVE-2024-55417Shared CWE-434
CVE-2025-46384Shared CWE-434
CVE-2025-13516Shared CWE-434
CVE-2024-13011Shared CWE-434
CVE-2025-8323Shared CWE-434

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the CVE by requiring timely patching of the vulnerable WPMasterToolKit plugin to remediate the unrestricted file upload flaw.

prevent

Enforces validation of file upload inputs to block dangerous types like web shells, addressing the core CWE-434 vulnerability in the plugin.

preventdetect

Deploys malicious code protection mechanisms to scan for and prevent execution of web shells uploaded through the plugin's vulnerability.

References