CVE-2024-52373: 
WordPress vulnerability analysis and mitigation

The CVE-2024-52373 is an Unrestricted Upload of File with Dangerous Type vulnerability affecting Team Devexhub's Devexhub Gallery WordPress plugin through version 2.0.1. The vulnerability was discovered by researcher stealthcopter and was publicly disclosed on November 11, 2024 (Patchstack, Wordfence).

The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) and has received a Critical CVSS v3.1 base score of 10.0 with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges or user interaction, and can result in high impacts to confidentiality, integrity, and availability (Patchstack).

The vulnerability allows attackers to upload a web shell to the web server, which could lead to complete compromise of the affected system. This type of vulnerability could allow malicious actors to upload any type of file to the website, including backdoors which can then be executed to gain further access to the website (Patchstack).

As of the disclosure, no official fix is available for this vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until an official fix becomes available. Website owners are advised to mitigate or resolve the vulnerability immediately (Patchstack).