CVE-2024-50473

CRITICAL

Ajar in5 Embed <= 3.1.3 - Unauthenticated Arbitrary File Upload

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-50473. PoCs published by RandomRobbieBF.

AI-analyzed exploit summary This PoC demonstrates an unauthenticated arbitrary file upload vulnerability in the Ajar in5 Embed WordPress plugin (versions <= 3.1.3). The exploit uses a multipart/form-data POST request to upload a ZIP file containing malicious content, which can lead to remote code execution.

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed ajar-productions-in5-embed allows Upload a Web Shell to a Web Server.This issue affects Ajar in5 Embed: from n/a through <= 3.1.3.

Exploits (1)

nomisec WORKING POC
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2024-50473

This PoC demonstrates an unauthenticated arbitrary file upload vulnerability in the Ajar in5 Embed WordPress plugin (versions <= 3.1.3). The exploit uses a multipart/form-data POST request to upload a ZIP file containing malicious content, which can lead to remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Ajar in5 Embed WordPress plugin <= 3.1.3
No auth needed
Prerequisites: Access to the target WordPress site · A ZIP file containing a malicious payload (e.g., a web shell)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 10.0
EPSS 0.0103
EPSS Percentile 59.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-434
Status published
Products (1)
Ajar Productions/Ajar in5 Embed < 3.1.3
Published Oct 29, 2024
Tracked Since Feb 18, 2026