PT-2024-38568 · WordPress · Bit File Manager

Siunam +1

Published: 2024-09-10 · Updated: 2024-09-26

CVE-2024-7770

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: The Bit File Manager plugin for WordPress, versions up to and including 6.5.5.

Description: The plugin's upload function does not validate the type of uploaded files, which allows arbitrary file upload. An authenticated attacker with Subscriber-level access or higher, who has been granted upload permissions by an administrator, can upload arbitrary files to the affected site's server, which may lead to remote code execution.

Recommendations: For versions up to and including 6.5.5, upgrade to version 6.5.6 as soon as possible to resolve the issue. As a temporary workaround, restrict upload permissions to the smallest set of users that need them, to minimize the risk of exploitation.
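The two controls this advisory turns on are a capability check on who may upload and a file type check on what is uploaded. The handler below is an added example, not Bit File Manager's code, showing both checks with WordPress core APIs (wp_check_filetype_and_ext, wp_upload_dir, wp_unique_filename, current_user_can, wp_verify_nonce); the function name and nonce action are hypothetical.

```php
<?php
// Added example (not the plugin's own code): an upload handler with the
// checks whose absence CVE-2024-7770 describes. Assumes it runs inside
// WordPress; example_secure_upload and the 'example_upload' nonce action
// are hypothetical names.

function example_secure_upload( array $file, string $nonce ): array {
    // 1. Who may upload: require the upload_files capability and a valid
    //    nonce, so the endpoint is not reachable by any logged-in user.
    if ( ! current_user_can( 'upload_files' ) ) {
        return [ 'ok' => false, 'error' => 'insufficient capability' ];
    }
    if ( ! wp_verify_nonce( $nonce, 'example_upload' ) ) {
        return [ 'ok' => false, 'error' => 'invalid nonce' ];
    }
    if ( ! isset( $file['tmp_name'], $file['name'] )
        || ! is_uploaded_file( $file['tmp_name'] ) ) {
        return [ 'ok' => false, 'error' => 'no uploaded file' ];
    }

    // 2. What may be uploaded: sanitize the name, then let WordPress check
    //    the extension against the site's allowed MIME list (and, for
    //    images, the real content). Types it rejects, such as .php or
    //    .phtml, come back with an empty 'ext'/'type' and are refused.
    $name  = sanitize_file_name( $file['name'] );
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $name );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        return [ 'ok' => false, 'error' => 'file type not allowed' ];
    }
    // WordPress may correct the name so the extension matches the content.
    if ( ! empty( $check['proper_filename'] ) ) {
        $name = $check['proper_filename'];
    }

    // 3. Where it lands: inside the uploads directory, under a unique
    //    sanitized name; never trust a caller-supplied path component.
    $upload = wp_upload_dir();
    $dest   = trailingslashit( $upload['path'] )
            . wp_unique_filename( $upload['path'], $name );
    if ( ! move_uploaded_file( $file['tmp_name'], $dest ) ) {
        return [ 'ok' => false, 'error' => 'could not store file' ];
    }
    return [ 'ok' => true, 'path' => $dest, 'type' => $check['type'] ];
}
```

A file manager that legitimately needs additional types should widen the allowed list through the upload_mimes filter rather than skip the check.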

Fix

RCE

Unrestricted File Upload


Weakness Enumeration

Related Identifiers

CVE-2024-7770

Affected Products

Bit File Manager