CVE-2024-52447: 
WordPress vulnerability analysis and mitigation

A Path Traversal vulnerability (CVE-2024-52447) was discovered in Corporate Zen Contact Page With Google Map WordPress plugin affecting versions through 1.6.1. The vulnerability was reported on November 18, 2024, and publicly disclosed on November 20, 2024. This security flaw allows for arbitrary file deletion in WordPress installations using the affected plugin (Patchstack).

The vulnerability is classified as a Path Traversal: '.../.../' type vulnerability, which received a CVSS v3.1 Base Score of 8.6 (High). The technical assessment indicates that the vulnerability can be exploited without authentication, requiring network access with no user interaction. The attack complexity is rated as low, with the scope being changed and potentially affecting components beyond the vulnerable component's security scope (Patchstack).

The vulnerability enables arbitrary file deletion capabilities on affected WordPress websites. If successfully exploited, an attacker could delete critical files from the website, potentially causing the site to break and cease functioning. The high CVSS score of 8.6 indicates significant potential impact, particularly concerning availability (Patchstack).

Currently, no official fix is available for this vulnerability. However, Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available. Website administrators are advised to implement the virtual patch immediately to protect their installations (Patchstack).