CVE-2024-30533: 
WordPress vulnerability analysis and mitigation

An Unrestricted Upload of File with Dangerous Type vulnerability (CVE-2024-30533) was discovered in Techeshta Layouts for Elementor WordPress plugin affecting versions before 1.8. The vulnerability was reported by Abdi Pranata and disclosed on March 31, 2024 (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. The issue is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) and allows unauthenticated attackers to upload arbitrary files to the affected WordPress installations (Patchstack).

This vulnerability could allow malicious actors to upload any type of file to the affected website, including potential backdoors which could then be executed to gain further access to the website. The high severity rating indicates significant potential impact on affected systems (Patchstack).

Users are advised to update to version 1.8 or later of the Layouts for Elementor plugin immediately. Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until users can update to a fixed version (Patchstack).