Name of the Vulnerable Software and Affected Versions:
WP ULike Pro versions prior to 1.9.4
Description:
The WP ULike Pro plugin for WordPress is susceptible to arbitrary file uploads due to inadequate file type validation within the `WP Ulike Pro File Uploader` class. This allows unauthenticated attackers to upload arbitrary files, including `.php2`, `.php6`, `.php7`, `.phps`, `.pht`, `.phtm`, `.pgif`, `.shtml`, `.phar`, `.inc`, `.hphp`, `.ctp`, `.module`, `.html`, and `.svg`, to the server. Successful exploitation may enable further attacks, such as Cross-Site Scripting.
Recommendations:
Update WP ULike Pro to version 1.9.4 or later.
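After updating, a site's uploads directory can be checked for files carrying the extensions named in the description. The script below is an added example, not part of the advisory or the plugin's code; the directory to scan (typically `wp-content/uploads`) and the sample file names in the demo are assumptions constructed for illustration.

```python
import os
import tempfile

# Extensions the advisory lists as uploadable on WP ULike Pro before 1.9.4.
ADVISORY_EXTENSIONS = frozenset({
    ".php2", ".php6", ".php7", ".phps", ".pht", ".phtm", ".pgif", ".shtml",
    ".phar", ".inc", ".hphp", ".ctp", ".module", ".html", ".svg",
})


def find_suspect_uploads(root):
    """Return sorted (relative_path, extension) pairs for files under root
    whose final extension, compared case-insensitively, is in the list."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            ext = os.path.splitext(name)[1].lower()
            if ext in ADVISORY_EXTENSIONS:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                hits.append((rel.replace(os.sep, "/"), ext))
    return sorted(hits)


def build_sample_tree(root):
    """Create a constructed uploads tree (empty files, made-up names)."""
    names = ["2024/01/photo.jpg", "2024/01/avatar.SVG", "2024/02/note.phar",
             "2024/02/report.pdf", "2024/02/page.html", "misc/lib.inc"]
    for rel in names:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


def demo():
    """Scan the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return find_suspect_uploads(tmp)


if __name__ == "__main__":
    # On a real site, call find_suspect_uploads() on the uploads directory.
    for rel, ext in demo():
        print(f"{ext:8} {rel}")
```

Hits on `.html` and `.svg` may be legitimate uploads on some sites, so each result needs review rather than automatic deletion.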