CVE-2024-12853: 
WordPress vulnerability analysis and mitigation

The Modula Image Gallery plugin for WordPress contains a critical security vulnerability (CVE-2024-12853) affecting all versions up to and including 2.11.10. The vulnerability stems from missing file type validation in the zip upload functionality, which could allow authenticated attackers with Author-level access or higher to upload arbitrary files to the affected site's server (NVD).

The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). It has received a CVSS v3.1 Base Score of 8.8 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This scoring indicates that the vulnerability is network-accessible, requires low attack complexity, needs low privileges, and can result in high impacts to confidentiality, integrity, and availability (NVD).

The vulnerability can potentially lead to remote code execution on the affected server through the upload of malicious files. The high CVSS score reflects the severe potential impact on system security, as successful exploitation could compromise the confidentiality, integrity, and availability of the affected WordPress installation (NVD).

Website administrators running the Modula Image Gallery plugin should immediately update to a version newer than 2.11.10 if available. In the absence of an update, it is recommended to restrict Author-level access and monitor file upload activities closely (NVD).