The My Account Page Editor WordPress plugin prior to 1.3.2 does not validate the profile picture to be uploaded, allowing any authenticated users, such as subscriber to upload arbitrary files to the server, leading to RCE
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
koalaapps my account page editor |