CVE-2023-51468: 
WordPress vulnerability analysis and mitigation

The Rencontre – Dating Site WordPress plugin versions up to 3.10.1 contains an Unrestricted Upload of File with Dangerous Type vulnerability. This critical security issue was discovered on December 27, 2023, and affects all versions of the plugin through version 3.10.1. The vulnerability has been assigned CVE-2023-51468 with a CVSS score of 9.8 (Critical) (Patchstack).

The vulnerability is classified as an Unrestricted Upload of File with Dangerous Type (CWE-434). It received a CVSS v3.1 base score of 9.8 CRITICAL with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating that it can be exploited remotely with no privileges required (NVD).

This vulnerability allows unauthenticated attackers to upload arbitrary files to the affected website. The ability to upload dangerous file types could lead to remote code execution, potentially allowing attackers to gain further access to the website through uploaded backdoors (Patchstack).

The vulnerability has been patched in version 3.11 of the Rencontre – Dating Site plugin. Users are strongly advised to update to version 3.11 or later immediately. Patchstack has also issued a virtual patch to mitigate this issue by blocking any attacks until users can update to a fixed version (Patchstack).