CVE-2024-52377: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2024-52377) affects BdThemes Instant Image Generator WordPress plugin through version 1.5.4. It is classified as an Unrestricted Upload of File with Dangerous Type vulnerability that allows attackers to upload a web shell to a web server (NVD, Patchstack). The vulnerability was discovered and reported on November 11, 2024.

The vulnerability is tracked as CWE-434 (Unrestricted Upload of File with Dangerous Type) and has received a CVSS v3.1 base score of 10.0 CRITICAL (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). This indicates the highest severity level with network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

The vulnerability allows attackers to upload any type of file to the affected website, including malicious backdoors which can then be executed to gain further access to the website. This could lead to complete system compromise due to the critical nature of the vulnerability (Patchstack).

Users are advised to update to version 1.5.3 or later immediately to resolve the vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until users can update to a fixed version (Patchstack).