CVE-2024-6319

Name of the Vulnerable Software and Affected Versions: IMGspider plugin for WordPress versions up to, and including, 2.3.10

Description: The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server, which may make remote code execution possible.

Recommendations: For versions up to, and including, 2.3.10, update to a version that includes the fix for the arbitrary file upload vulnerability. As a temporary workaround, consider disabling the upload function in the IMGspider plugin until a patch is available. Restrict access to the plugin's upload functionality to minimize the risk of exploitation.