CVE-2024-25913: 
WordPress vulnerability analysis and mitigation

The MoveTo WordPress plugin contains an Unrestricted Upload of File with Dangerous Type vulnerability (CVE-2024-25913) affecting versions up to and including 6.2. The vulnerability was discovered by Dave Jong and publicly disclosed on February 12, 2024. This security issue allows unauthenticated attackers to upload arbitrary files to the affected site's server (WPScan, Patchstack).

The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) and has received a CVSS v3.1 base score of 10.0 CRITICAL (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). The security flaw stems from missing file type validation in an unspecified function of the plugin (Patchstack).

The vulnerability allows unauthenticated attackers to upload arbitrary files to the affected site's server, which could potentially lead to remote code execution. This represents a critical security risk as it provides attackers with the ability to execute malicious code on the compromised system (WPScan).

Currently, there is no official fix available for this vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until an official fix becomes available. Website owners are advised to implement the virtual patch immediately or consider alternative security measures (Patchstack).