Skip to main content

Novel Design Store Directory CVE-2024-51788

CRITICAL
Unrestricted Upload of File with Dangerous Type (CWE-434)
2024-11-11 audit@patchstack.com
10.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
CVSS changed
Apr 23, 2026 - 15:22 NVD
10.0 (CRITICAL)
CVE Published
Nov 11, 2024 - 06:15 nvd
N/A

DescriptionCVE.org

Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Wolfe The Novel Design Store Directory noveldesign-store-directory allows Upload a Web Shell to a Web Server.This issue affects The Novel Design Store Directory: from n/a through <= 4.3.0.

AnalysisAI

Unrestricted file upload in Joshua Wolfe's The Novel Design Store Directory plugin (versions up to and including 4.3.0) allows remote unauthenticated attackers to upload web shells and achieve full server compromise. With a maximum CVSS of 10.0, scope change, and an EPSS of 56.19% (98th percentile), this is among the highest-risk WordPress plugin issues; no public exploit is identified at time of analysis but exploitation probability is extremely elevated. Reported by Patchstack, the flaw enables direct arbitrary code execution against any site running the affected plugin.

Technical ContextAI

The vulnerability is a CWE-434 Unrestricted Upload of File with Dangerous Type, meaning the plugin's upload handler fails to validate file extensions, MIME types, or content before writing user-supplied files into a web-accessible location on the WordPress server. The affected component is the The Novel Design Store Directory plugin (slug: noveldesign-store-directory), a third-party WordPress extension authored by Joshua Wolfe. Because WordPress executes PHP files served from its content directories, uploading a .php payload yields immediate code execution under the web server user (typically www-data or apache), and the CVSS scope change (S:C) reflects that compromise of the plugin sandbox extends to the entire hosting environment and any co-located sites or databases.

Affected ProductsAI

The affected product is The Novel Design Store Directory WordPress plugin (slug: noveldesign-store-directory) by Joshua Wolfe, all versions from n/a through and including 4.3.0. No CPE string was provided in the input data, and no specific vendor advisory URL beyond the Patchstack reporter attribution was supplied; defenders should consult the Patchstack vulnerability database (patchstack.com) for the canonical advisory.

RemediationAI

No vendor-released patched version is identified in the available data, so the primary action is to immediately deactivate and remove the The Novel Design Store Directory plugin from any WordPress installation until Joshua Wolfe publishes a fixed release above 4.3.0; check the Patchstack advisory referenced by the reporter (audit@patchstack.com) for the latest fix status. As compensating controls, restrict access to the plugin's upload endpoints via a WAF rule blocking POST requests to plugin paths under /wp-content/plugins/noveldesign-store-directory/, deny PHP execution within wp-content/uploads using a web-server-level rule (Apache: <FilesMatch \.ph(p[3-7]?|tml)$> Require all denied; nginx: location ~* /wp-content/uploads/.*\.php$ { deny all; }), and enable a virtual patch through Patchstack or Wordfence - note that disabling the plugin removes any directory functionality it provides, and PHP-in-uploads denial rules may break other plugins that legitimately stage PHP there.

Share

CVE-2024-51788 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy