CVE-2024-33644: 
WordPress vulnerability analysis and mitigation

The Customify Site Library WordPress plugin through version 0.0.9 contains a Code Injection vulnerability. This security issue was discovered and reported by Abdi Pranata, and was publicly disclosed on April 25, 2024. The vulnerability has been assigned CVE-2024-33644 and received a Critical CVSS v3.1 score of 9.9 (Patchstack).

The vulnerability is classified as an Improper Control of Generation of Code (Code Injection) issue, identified as CWE-94. The vulnerability has received a CVSS v3.1 Base Score of 9.9 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, indicating network accessibility, low attack complexity, low privileges required, no user interaction needed, and high impacts on confidentiality, integrity, and availability (Patchstack).

This vulnerability is classified as highly dangerous and is expected to become mass exploited. It could allow a malicious actor to execute commands on the target website, potentially leading to full control of the website through backdoor access (Patchstack).

Currently, there is no official fix available for this vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until an official fix becomes available. Website administrators are advised to implement mitigation measures immediately (Patchstack).