CVE-2023-51473: 
WordPress vulnerability analysis and mitigation

An Unrestricted Upload of File with Dangerous Type vulnerability was discovered in the Pixelemu TerraClassifieds – Simple Classifieds WordPress Plugin, tracked as CVE-2023-51473. The vulnerability affects all versions of the plugin through version 2.0.3. The issue was initially reported on November 21, 2023, and was publicly disclosed on December 27, 2023 (Patchstack).

The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) and has received a Critical severity rating. The CVSS v3.1 base score is 9.8 according to NVD (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and 10.0 according to Patchstack (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). The vulnerability requires no authentication to exploit and has low attack complexity (NVD).

This vulnerability could allow malicious actors to upload any type of file to the affected website, including potential backdoors which could then be executed to gain further access to the website. The high CVSS score indicates that this vulnerability has the potential for complete compromise of system confidentiality, integrity, and availability (Patchstack).

As of the latest reports, no official fix is available for this vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until an official fix becomes available. Website administrators are advised to implement immediate mitigation measures (Patchstack).