Name of the Vulnerable Software and Affected Versions:
SKT Page Builder plugin for WordPress versions up to, and including, 4.6
Description:
The plugin allows arbitrary file uploads because the `addLibraryByArchive` function is missing a capability check. Authenticated attackers with subscriber-level access and above can upload arbitrary files, which makes remote code execution possible.
Recommendations:
If you run a version up to, and including, 4.6, update to a version that fixes the missing capability check on the `addLibraryByArchive` function so that arbitrary file uploads are no longer possible.
As a temporary workaround, consider disabling the `addLibraryByArchive` function until a patch is available.