CVE-2024-24714: 
WordPress vulnerability analysis and mitigation

The Icons Font Loader WordPress plugin contains an arbitrary file upload vulnerability (CVE-2024-24714) affecting versions up to and including 1.1.4. The vulnerability was discovered by Vulzap and publicly disclosed on January 31, 2024. This security issue affects the plugin's 'upload' function due to missing file type validation (WPScan).

The vulnerability stems from insufficient file type validation in the 'upload' function of the Icons Font Loader plugin. It has been assigned a CVSS score of 7.2, indicating a low to moderate severity level. The CVSS vector string is CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H (Vulzap, Patchstack).

The vulnerability allows authenticated attackers with administrator access to upload arbitrary files to the affected site's server, potentially enabling remote code execution. This could lead to unauthorized access and compromise of the affected WordPress installation (WPScan, Patchstack).

The vulnerability has been fixed in version 1.1.5 of the Icons Font Loader plugin. Users are advised to update to this version or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins as an additional security measure (Patchstack).