The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking.Referenceshttps://wpvulndb.com/vulnerabilities/8612https://wordpress.org/plugins/cysteme-finder/#developers
