CVE-2024-49260: 
WordPress vulnerability analysis and mitigation

A critical vulnerability (CVE-2024-49260) was discovered in the WordPress Gallery Plugin – Limb Image Gallery affecting versions up to 1.5.7. The vulnerability is classified as an Unrestricted Upload of File with Dangerous Type that allows for Code Injection. The issue was reported by researcher stealthcopter and was disclosed on October 14, 2024 (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 9.9 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. It is categorized under CWE-434 (Unrestricted Upload of File with Dangerous Type). The vulnerability requires Subscriber-level privileges to exploit (Patchstack).

This vulnerability is considered highly dangerous and is expected to become mass exploited. It allows malicious actors to upload any type of file to the website, including potential backdoors that can be executed to gain further access to the website (Patchstack).

Currently, no official fix is available for this vulnerability. Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available. Website administrators are advised to implement immediate mitigation measures (Patchstack).