CVE-2024-49329 is a critical security vulnerability found in the WP REST API FNS plugin developed by vivek2tamrakar, affecting versions up to and including 1.0.0. The vulnerability arises from the plugin's failure to properly restrict or validate file uploads via its REST API endpoints, allowing an attacker to upload files with dangerous types, such as web shells. Web shells are malicious scripts that enable remote code execution on the compromised server, granting attackers the ability to execute arbitrary commands, escalate privileges, and maintain persistent access. This vulnerability does not require authentication or user interaction, significantly lowering the barrier for exploitation. The plugin's unrestricted file upload mechanism can be abused to bypass typical security controls, leading to full compromise of the hosting environment. Although no public exploits have been reported yet, the vulnerability's characteristics make it a prime target for attackers seeking to compromise WordPress-based websites. The lack of a CVSS score indicates that the vulnerability is newly disclosed, but its impact and exploitability clearly indicate a critical threat. The vulnerability affects all installations using the vulnerable plugin version, which may be present in various WordPress sites globally, especially those that rely on third-party plugins for REST API enhancements.

The exploitation of CVE-2024-49329 can have severe consequences for affected organizations. Attackers can upload web shells to the server, enabling remote code execution, which can lead to complete server takeover. This compromises confidentiality by exposing sensitive data stored on the server, integrity by allowing modification or deletion of files and data, and availability by potentially disrupting services or deploying ransomware. Organizations may suffer data breaches, defacement of websites, loss of customer trust, and regulatory penalties. The vulnerability's ease of exploitation without authentication increases the risk of widespread attacks, especially on websites with high traffic or those hosting sensitive information. Additionally, compromised servers can be used as pivot points for further attacks within internal networks or as part of botnets. The impact extends beyond individual sites to the broader ecosystem of WordPress users, given the widespread use of WordPress and its plugins.

1. Immediately remove or disable the WP REST API FNS plugin if it is not essential. 2. If the plugin is required, check for and apply any available patches or updates from the vendor or trusted sources. 3. Implement strict server-side validation of file uploads, restricting allowed file types to safe formats only (e.g., images) and blocking executable or script files. 4. Employ Web Application Firewalls (WAFs) with rules to detect and block attempts to upload web shells or suspicious files. 5. Monitor web server logs and REST API access patterns for unusual upload activity or requests. 6. Restrict file upload permissions and isolate upload directories with minimal privileges to limit execution capabilities. 7. Regularly audit installed plugins and remove any that are outdated, unsupported, or unnecessary. 8. Educate site administrators about the risks of installing unverified plugins and encourage the use of plugins from reputable sources. 9. Consider implementing runtime application self-protection (RASP) solutions to detect and block malicious behavior in real time. 10. Backup website data regularly and ensure backups are stored securely offline to enable recovery in case of compromise.