Fuad Pilus

**Name of the Vulnerable Software and Affected Versions** Complete Gallery Manager plugin versions prior to 3.3.4 rev40279 **Description** The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the `/frames/upload-images.php` endpoint, and then accessing it via a direct request to the file in `wp-content/[year]/[month]/`. **Recommendations** For versions prior to 3.3.4 rev40279, update to version 3.3.4 rev40279 or later to resolve the issue. As a temporary workaround, consider restricting access to the `upload-images.php` file in the `frames` directory to minimize the risk of exploitation.