Arbitrary File Upload Vulnerability in My Account Page Editor WordPress Plugin

Arbitrary File Upload Vulnerability in My Account Page Editor WordPress Plugin

CVE-2023-4536 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The My Account Page Editor WordPress plugin before 1.3.2 does not validate the profile picture to be uploaded, allowing any authenticated users, such as subscriber to upload arbitrary files to the server, leading to RCE

Learn more about our Wordpress Pen Testing.