Ccltt1201

**Name of the Vulnerable Software and Affected Versions** Theme Demo Import WordPress plugin versions prior to 1.1.1 **Description** The issue allows high-privilege users, such as admins, to upload arbitrary files, including PHP files, even when FILE MODS and FILE EDIT are disallowed, due to a lack of validation of the imported file. **Recommendations** For versions prior to 1.1.1, update to version 1.1.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the file import feature to minimize the risk of exploitation.