CVE-2024-51788: 
WordPress vulnerability analysis and mitigation

CVE-2024-51788 is an Unrestricted Upload of File with Dangerous Type vulnerability affecting The Novel Design Store Directory WordPress plugin through version 4.3.0. The vulnerability was discovered by researcher stealthcopter and was publicly disclosed on November 8, 2024. This security flaw allows unauthenticated attackers to upload a web shell to the web server (Patchstack).

The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). It has received a Critical CVSS v3.1 base score of 10.0, with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, indicating network accessibility, low attack complexity, no privileges required, and no user interaction needed (Patchstack).

The vulnerability allows malicious actors to upload any type of file to the affected website, including backdoors which can be executed to gain further access to the website. Due to its critical severity rating and ease of exploitation, this vulnerability is expected to become mass exploited (Patchstack).

Currently, there is no official fix available for this vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until an official fix becomes available. Website owners are advised to implement mitigation measures immediately (Patchstack).