CVE-2024-25925: 
WordPress vulnerability analysis and mitigation

The SysBasics Easy Checkout Field Editor, Fees & Discounts plugin for WordPress contains an Unrestricted Upload of File with Dangerous Type vulnerability (CVE-2024-25925). This vulnerability affects versions up to and including 3.5.12 of the WooCommerce Easy Checkout Field Editor, Fees & Discounts plugin. The vulnerability was discovered and disclosed on February 14, 2024 (Patchstack).

The vulnerability is classified as an Arbitrary File Upload issue due to missing file type validation in the affected versions. It has received a Critical CVSS v3.1 base score of 10.0 with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, indicating the highest possible severity level (NVD).

This vulnerability allows unauthenticated attackers to upload arbitrary files to the affected site's server, which could potentially lead to remote code execution. The critical severity score indicates that successful exploitation could result in complete system compromise (Wordfence, WPScan).

The vulnerability has been patched in version 3.5.13 of the plugin. Site administrators are strongly advised to update to this version immediately. For those unable to update immediately, Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until the update can be applied (Patchstack).