CVE-2024-31115: 
WordPress vulnerability analysis and mitigation

The CVE-2024-31115 affects the Chauffeur Taxi Booking System for WordPress plugin versions 7.2 and below. This vulnerability was discovered by Kursat Cetin and publicly disclosed on March 29, 2024. The issue is classified as an Unrestricted Upload of File with Dangerous Type vulnerability, which allows unauthenticated attackers to upload arbitrary files to the affected site's server (Patchstack, WPScan).

The vulnerability stems from missing file type validation in the plugin's file upload functionality. This security flaw has been assigned a CVSS score of 10.0, indicating the highest severity level. The technical nature of the vulnerability allows unauthenticated attackers to bypass file type restrictions and upload potentially malicious files to the server (Patchstack).

The vulnerability could potentially lead to remote code execution on the affected server through the upload of malicious files. This poses a significant security risk as attackers require no authentication to exploit the vulnerability, potentially leading to complete server compromise (Patchstack).

The vulnerability has been patched in version 7.3 of the Chauffeur Taxi Booking System for WordPress plugin. Site administrators are strongly advised to update to this version immediately. For those unable to update immediately, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks (Patchstack).