Name of the Vulnerable Software and Affected Versions:

RexTheme WP VR versions through 8.5.26

Description:

The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation and potential control of the server.

Recommendations:

For RexTheme WP VR versions through 8.5.26, update to a version later than 8.5.26 to resolve the issue. As a temporary workaround, consider restricting file uploads to only necessary and safe file types until a patch is available.