CVE-2022-29451

Name of the Vulnerable Software and Affected Versions Rara One Click Demo Import plugin version 1.2.9 and earlier

Description The issue allows attackers to trick logged-in admin users into uploading dangerous files into the /wp-content/uploads/ directory through a Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability.

Recommendations For Rara One Click Demo Import plugin version 1.2.9 and earlier, update to a version later than 1.2.9 to resolve the issue. As a temporary workaround, consider restricting access to the /wp-content/uploads/ directory to minimize the risk of exploitation.