WordPress · Postmagthemes Demo Import · CVE-2022-1540
**Name of the Vulnerable Software and Affected Versions**
PostmagThemes Demo Import WordPress plugin versions 1.0.0 through 1.0.7
**Description**
The issue allows high-privilege users, such as admins, to upload arbitrary files, including PHP files, due to a lack of validation of the imported file. This can lead to remote code execution (RCE).
**Recommendations**
For PostmagThemes Demo Import WordPress plugin versions 1.0.0 through 1.0.7, update to a version later than 1.0.7 to resolve the issue. As a temporary workaround, consider restricting the file upload functionality to prevent arbitrary file uploads until a patch is available.