CVE-2023-51475: 
WordPress vulnerability analysis and mitigation

CVE-2023-51475 is an Unrestricted Upload of File with Dangerous Type vulnerability affecting the IOSS WP MLM SOFTWARE PLUGIN for WordPress through version 4.0. The vulnerability was discovered by Rafie Muhammad and was publicly disclosed on December 27, 2023. This security flaw affects the WP MLM Unilevel plugin, which currently has no official fix available (Patchstack, WPScan).

The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) and has received critical severity ratings. It has been assigned a CVSS v3.1 base score of 9.8 by NIST (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and a score of 10.0 by Patchstack (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). The vulnerability stems from missing file type validation in the plugin (Patchstack).

This vulnerability allows unauthenticated attackers to upload arbitrary files to the affected site's server, potentially enabling remote code execution. The high CVSS scores indicate that this is a critical security issue that could lead to complete system compromise. The vulnerability is considered highly dangerous and is expected to become mass exploited (Patchstack).

Currently, there is no official fix available for this vulnerability. Patchstack has issued a virtual patch to mitigate the issue by blocking attacks until an official fix becomes available. Website owners are advised to implement immediate mitigation measures or consider using Patchstack's protection (Patchstack).