The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
autoptimize autoptimize |