CVE-2024-52375: 
WordPress vulnerability analysis and mitigation

An Unrestricted Upload of File with Dangerous Type vulnerability has been identified in the Datasets Manager plugin by Arttia Creative, affecting versions up to 1.5. The vulnerability was discovered on October 6, 2024, and publicly disclosed on November 11, 2024. This security issue has been assigned CVE-2024-52375 and received a critical CVSS v3.1 score of 10.0 (Patchstack).

The vulnerability is classified as an Arbitrary File Upload issue (CWE-434), allowing unauthenticated attackers to upload files of dangerous types to affected WordPress installations. The severity is rated as Critical with a CVSS v3.1 Base Score of 10.0 (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating the highest possible risk level (Patchstack).

The vulnerability could allow malicious actors to upload any type of file to the affected website, including potential backdoors which could then be executed to gain further access to the website. Given the critical CVSS score and unauthenticated nature of the exploit, this vulnerability is considered highly dangerous and is expected to become mass exploited (Patchstack).

Currently, no official fix is available for this vulnerability. However, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until an official fix becomes available. Website administrators are advised to implement mitigation measures immediately (Patchstack).

The vulnerability has been acknowledged in the WordPress security community, with Wordfence Intelligence including it in their weekly WordPress vulnerability report (Wordfence).