CVE-2021-24770

Name of the Vulnerable Software and Affected Versions: Stylish Price List WordPress plugin versions prior to 6.9.1

Description: The issue arises from the lack of capability checks in the spl upload ser img AJAX action, which is accessible to authenticated users. This could allow any authenticated user, such as a subscriber, to upload arbitrary images.

Recommendations: For versions prior to 6.9.1, update to version 6.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the spl upload ser img AJAX action to prevent unauthorized image uploads until a patch is applied.