PT-2025-31913 · WordPress · Wp Import Export Lite

Vincent Fourcade · Published 2025-08-05 · Updated 2025-08-05 · CVE-2025-6207

CVSS v3.1: 7.5

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

WP Import Export Lite versions up to and including 3.9.28

Description:

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the `wpie_tempalte_import` function. This allows authenticated attackers with Subscriber-level access and above, and permissions granted by an Administrator, to upload arbitrary files to the affected site's server, potentially enabling remote code execution.

Recommendations:

Update WP Import Export Lite to a version later than 3.9.28.

Fix

Weakness Enumeration:

Unrestricted File Upload

Related Identifiers:

CVE-2025-6207

Affected Products:

Wp Import Export Lite