CVE-2021-24757

Name of the Vulnerable Software and Affected Versions: Stylish Price List WordPress plugin versions prior to 6.9.0

Description: The issue concerns the Stylish Price List WordPress plugin, which does not perform capability checks in its spl upload ser img AJAX action. This action is available to both unauthenticated and authenticated users, potentially allowing unauthenticated users to upload images.

Recommendations: For versions prior to 6.9.0, update to version 6.9.0 or later to resolve the issue. As a temporary workaround, consider disabling the spl upload ser img AJAX action until a patch is available. Restrict access to this action to minimize the risk of exploitation.