CVE-2023-34385: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2023-34385 is an Unrestricted Upload of File with Dangerous Type vulnerability affecting the WordPress Export Import Menus plugin versions up to 1.8.0. The vulnerability was discovered by Emili Castells and was publicly disclosed on September 4, 2023 (Patchstack).

The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). It received a CVSS v3.1 base score of 8.8 (HIGH) from NIST with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, while Patchstack assessed it with a CVSS score of 9.9 (CRITICAL) and vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H (NVD).

This vulnerability could allow a malicious actor to upload any type of file to the affected website, including potential backdoors which could then be executed to gain further access to the website. The high CVSS scores indicate that this vulnerability has significant potential for exploitation with severe consequences (Patchstack).

The vulnerability has been fixed in version 1.9.0 of the Export Import Menus plugin. Users are advised to update to version 1.9.0 or later immediately. Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until users can update to a fixed version (Patchstack).