The vulnerability CVE-2024-50496 in the AR For WordPress plugin allows unauthenticated attackers to upload files without proper restrictions on file types. This enables uploading of malicious files such as web shells, which can be executed on the server. The vulnerability affects versions up to 6.6 and has a CVSS score of 10.0, indicating critical severity with network attack vector, no required privileges or user interaction, and complete impact on confidentiality, integrity, and availability.

An attacker can upload and execute arbitrary code on the affected web server by uploading a web shell, leading to full system compromise. This includes unauthorized access, data theft, data modification, and potential disruption of service. The vulnerability poses a critical risk to any site using the affected plugin versions.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch is available, restrict file upload permissions, disable the plugin if possible, or implement web application firewall (WAF) rules to block malicious file uploads. Monitor for suspicious activity related to file uploads.