The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCECreditsRoel van BeurdenReferenceshttps://wpscan.com/vulnerability/9ddeef95-7c7f-4296-a55b-fd3304c91c18
