CVE-2024-53811 – WordPress WDesignKit plugin <= 1.0.40 - Arbitrary File Upload vulnerability

https://notcve.org/view.php?id=CVE-2024-53811

Unrestricted Upload of File with Dangerous Type vulnerability in POSIMYTH WDesignkit allows Upload a Web Shell to a Web Server.This issue affects WDesignkit: from n/a through 1.0.40. The WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.40. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/wdesignkit/vulnerability/wordpress-wdesignkit-plugin-1-0-40-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •