RainbowLink Inc. All Post Contact Form CVE-2024-50523
CRITICALSeverity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Unrestricted Upload of File with Dangerous Type vulnerability in RainbowLink Inc. All Post Contact Form allpost-contactform allows Upload a Web Shell to a Web Server.This issue affects All Post Contact Form: from n/a through <= 1.8.2.
AnalysisAI
Unrestricted file upload in the RainbowLink All Post Contact Form WordPress plugin (versions up to and including 1.8.2) allows remote unauthenticated attackers to upload web shells and achieve full server compromise. The CVSS 10.0 score with scope change (S:C) indicates the impact extends beyond the vulnerable component to the underlying WordPress host. No public exploit identified at time of analysis, and EPSS of 0.89% (75th percentile) suggests moderate but not yet widespread exploitation interest.
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today