PT-2022-13941 · WordPress · Postmagthemes Demo Import

Thunder.God.Hhh +1 · Published 2022-12-05 · Updated 2025-04-23 · CVE-2022-1540

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PostmagThemes Demo Import WordPress plugin versions 1.0.0 through 1.0.7

Description

The issue allows high-privilege users, such as admins, to upload arbitrary files, including PHP files, due to a lack of validation of the imported file. This can lead to remote code execution (RCE).

Recommendations

For PostmagThemes Demo Import WordPress plugin versions 1.0.0 through 1.0.7, update to a version later than 1.0.7 to resolve the issue. As a temporary workaround, consider restricting the file upload functionality to prevent arbitrary file uploads until a patch is available.

Related Identifiers

CVE-2022-1540

Affected Products

Postmagthemes Demo Import