WordPress · WavePlayer · CVE-2025-12057
**Name of the Vulnerable Software and Affected Versions**
WavePlayer WordPress plugin versions prior to 3.8.0
**Description**
The software does not have proper authorization checks for an AJAX action and lacks file validation when copying files locally. This allows unauthenticated users to upload arbitrary files to the server, potentially leading to remote code execution.
**Recommendations**
Update to version 3.8.0 or later.
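
The two controls the description names as missing, an authorization check on the AJAX action and file validation before a local copy, look like this in a hardened WordPress handler. This is an added example, not WavePlayer's code: the action name `example_copy_audio`, the `nonce` and `source` request parameters and the audio allowlist are assumptions.

```php
<?php
// Hypothetical plugin code: action name, nonce name and parameters are assumptions.

// Registered with wp_ajax_ only. Without a wp_ajax_nopriv_ hook, WordPress
// does not dispatch this action for unauthenticated requests.
add_action( 'wp_ajax_example_copy_audio', 'example_copy_audio' );

function example_copy_audio() {
    // 1. Authorization: a valid nonce plus a capability that matches the operation.
    check_ajax_referer( 'example_copy_audio', 'nonce' );
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 2. The source must resolve to a regular file inside the uploads directory.
    $uploads = wp_upload_dir();
    $base    = realpath( $uploads['basedir'] );
    $source  = realpath( (string) wp_unslash( $_POST['source'] ?? '' ) );
    if ( ! $base || ! $source || ! is_file( $source )
        || strpos( $source, $base . DIRECTORY_SEPARATOR ) !== 0 ) {
        wp_send_json_error( 'invalid source', 400 );
    }

    // 3. File validation: the extension must be on the allowlist and, where the
    //    fileinfo extension is loaded, the detected content type must agree.
    $allowed = array(
        'mp3' => 'audio/mpeg',
        'wav' => 'audio/wav',
        'ogg' => 'audio/ogg',
    );
    $name  = sanitize_file_name( basename( $source ) );
    $check = wp_check_filetype_and_ext( $source, $name, $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'file type not allowed', 400 );
    }

    // 4. Copy under a unique, sanitized name so no existing file is overwritten.
    $target_name = wp_unique_filename( $uploads['path'], $name );
    $target      = trailingslashit( $uploads['path'] ) . $target_name;
    if ( ! copy( $source, $target ) ) {
        wp_send_json_error( 'copy failed', 500 );
    }
    wp_send_json_success( array( 'file' => $target_name ) );
}
```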