CVE-2024-0757

Name of the Vulnerable Software and Affected Versions Insert or Embed Articulate Content into WordPress plugin through 4.3000000023

Description The issue arises from the plugin not properly filtering which file extensions are allowed to be imported on the server. This allows the uploading of malicious code within zip files, potentially leading to remote code execution.

Recommendations For versions through 4.3000000023, consider disabling the plugin until a patch is available to prevent the uploading of malicious zip files. Restrict access to the plugin's import functionality to minimize the risk of exploitation. Avoid using the plugin to import zip files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.