CVE-2024-51789: 
WordPress vulnerability analysis and mitigation

The Image Classify WordPress plugin contains an Unrestricted Upload of File with Dangerous Type vulnerability (CVE-2024-51789) that affects all versions up to and including 1.0.0. The vulnerability was discovered by researcher stealthcopter and was publicly disclosed on November 8, 2024. This security flaw allows unauthenticated attackers to upload arbitrary files to the affected site's server (WPScan, Patchstack).

The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) and has received a CVSS v3.1 base score of 10.0 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. The critical rating is due to the vulnerability requiring no authentication, having network accessibility, and potentially leading to complete system compromise (Patchstack).

The vulnerability allows attackers to upload any type of file to the affected website, including malicious files such as web shells or backdoors. This can lead to remote code execution capabilities on the affected server, potentially resulting in complete system compromise (Patchstack).

Currently, there is no official fix available for this vulnerability. Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available. Website owners are advised to either implement the Patchstack mitigation or consider removing the plugin until a security update is released (Patchstack).