CVE-2023-52221: 
WordPress vulnerability analysis and mitigation

The CVE-2023-52221 affects UkrSolution's Barcode Scanner and Inventory Manager WordPress plugin versions up to 1.5.1. This vulnerability is classified as an Unrestricted Upload of File with Dangerous Type, discovered and reported by Rafie Muhammad. The vulnerability was publicly disclosed on January 24, 2024, and has received a Critical severity rating (NVD, Patchstack).

The vulnerability is characterized by a missing file type validation in the 'uploadFile' function, allowing for unrestricted file uploads. It has received a CVSS v3.1 base score of 9.8 (Critical) from NIST with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, and a score of 10.0 (Critical) from Patchstack with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. The vulnerability is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) (WPScan).

This vulnerability allows unauthenticated attackers to upload arbitrary files to the affected site's server, potentially enabling remote code execution. The critical severity rating indicates that successful exploitation could lead to complete system compromise with high impacts on confidentiality, integrity, and availability (Patchstack).

The vulnerability has been patched in version 1.5.2 of the Barcode Scanner and Inventory Manager plugin. Users are strongly advised to update to this version or later to resolve the vulnerability (WPScan).