Ex3Ptional

**Name of the Vulnerable Software and Affected Versions** Membership For WooCommerce WordPress plugin versions prior to 2.1.7 **Description** The issue allows unauthenticated users to upload arbitrary files, including malicious PHP code, which could lead to remote code execution (RCE). This is due to a lack of validation for uploaded files. **Recommendations** For versions prior to 2.1.7, update to version 2.1.7 or later to resolve the issue. As a temporary workaround, consider disabling file upload functionality until a patch is available. Restrict access to sensitive areas where file uploads are permitted to minimize the risk of exploitation.