CVE-2023-29102: 
WordPress vulnerability analysis and mitigation

The CVE-2023-29102 is an Unrestricted Upload of File with Dangerous Type vulnerability affecting the Olive Themes Olive One Click Demo Import WordPress plugin versions through 1.1.1. The vulnerability was discovered on August 28, 2023, and publicly disclosed through Patchstack (Patchstack Advisory).

The vulnerability exists in the olive_one_click_demo_import_save_file function due to missing file type validation. The issue has received a CVSS v3.1 base score of 9.1 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H according to Patchstack's assessment, while NIST assigned a score of 7.2 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (NVD Database).

The vulnerability allows authenticated attackers with administrator-level privileges to upload arbitrary files to the affected site's server, potentially enabling remote code execution. This could lead to complete compromise of the affected WordPress installation (WPScan).

As of the latest reports, there is no known official fix available for this vulnerability. Website administrators using the affected plugin versions should consider either removing the plugin or implementing strict access controls to administrator accounts (Patchstack Advisory).