CVE-2023-51419: 
WordPress vulnerability analysis and mitigation

The BERTHA AI WordPress plugin (versions up to 1.11.10.7) contains an Unrestricted Upload of File with Dangerous Type vulnerability, identified as CVE-2023-51419. This vulnerability was discovered on December 27, 2023, affecting the AI co-pilot plugin for WordPress and Chrome (Patchstack, WPScan).

The vulnerability exists in the 'bthai_wa_translate_audio_callback' function due to missing file type validation. The severity is rated as Critical with a CVSS v3.1 base score of 9.8 (NIST) and 10.0 (Patchstack). The vulnerability is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) (NVD).

This vulnerability allows unauthenticated attackers to upload arbitrary files to the affected site's server, potentially enabling remote code execution. The high CVSS scores indicate the critical nature of this vulnerability and its potential for severe impact on affected systems (Patchstack).

The vulnerability has been fixed in version 1.11.10.8 of the BERTHA AI plugin. Users are strongly advised to update to this version or later to resolve the security issue. Patchstack has issued a virtual patch to mitigate this issue by blocking attacks until users can update to the fixed version (Patchstack).