CVE-2024-50525

{"id": "CVE-2024-50525", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-11-04T14:15:14.983", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/helloprint/vulnerability/wordpress-helloprint-plugin-2-0-2-arbitrary-file-upload-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in helloprint Helloprint helloprint allows Upload a Web Shell to a Web Server.This issue affects Helloprint: from n/a through <= 2.0.4."}, {"lang": "es", "value": "Vulnerabilidad de carga sin restricciones de archivo con tipo peligroso en Helloprint Plug your WooCommerce al cat\u00e1logo m\u00e1s grande de productos de impresi\u00f3n personalizados de Helloprint permite cargar un Web Shell a un servidor web. Este problema afecta a Plug your WooCommerce al cat\u00e1logo m\u00e1s grande de productos de impresi\u00f3n personalizados de Helloprint: desde n/a hasta 2.0.2."}], "lastModified": "2026-04-01T16:19:16.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:helloprint:helloprint:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "22AC50B9-EF2F-4D67-971B-9EA549A7F4C7", "versionEndIncluding": "2.0.2"}], "operator": "OR"}]}], "sourceIdentifier": "audit@patchstack.com"}