CVE-2024-53811: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2024-53811) affects POSIMYTH WDesignkit WordPress plugin versions through 1.0.40. It is classified as an Unrestricted Upload of File with Dangerous Type vulnerability that allows an attacker to upload a Web Shell to a Web Server (NVD, Patchstack). The vulnerability was discovered and reported by researcher tahu.datar on October 16, 2024, and was publicly disclosed on December 2, 2024.

The vulnerability is classified as an Arbitrary File Upload issue with a CVSS v3.1 base score of 6.6 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L. The vulnerability requires administrator privileges to exploit (Patchstack).

If exploited, this vulnerability could allow a malicious actor to upload any type of file to the website, including backdoors which could then be executed to gain further access to the website (Patchstack).

The vulnerability has been fixed in version 1.1.0 of the WDesignkit plugin. Users are advised to update to version 1.1.0 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).