CVE-2023-51411: 
WordPress vulnerability analysis and mitigation

The Frontend Admin by DynamiApps WordPress plugin was found to contain an Unrestricted Upload of File with Dangerous Type vulnerability, identified as CVE-2023-51411. The vulnerability affects versions up to and including 3.18.3 of the plugin. This security issue was discovered by Rafie Muhammad and was publicly disclosed on December 27, 2023 (Patchstack, WPScan).

The vulnerability stems from missing file type validation in the 'ajax_add_attachment' function. The issue has received a Critical severity rating with a CVSS v3.1 base score of 9.8 (NIST) and 10.0 (Patchstack). The vulnerability is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) (Patchstack).

The vulnerability allows unauthenticated attackers to upload arbitrary files to the affected site's server, potentially enabling remote code execution. This presents a significant security risk as attackers could upload malicious files including backdoors to gain further access to the website (WPScan, Patchstack).

The vulnerability has been patched in version 3.18.4 of the Frontend Admin plugin. Site administrators are strongly advised to update to this version or later immediately. Patchstack has also issued a virtual patch to mitigate this issue by blocking any attacks until users can update to the fixed version (Patchstack).