Name of the Vulnerable Software and Affected Versions:

Make Connector versions prior to 1.5.11

Description:

The Make Connector plugin for WordPress is susceptible to arbitrary file uploads due to inadequate file type validation within the `upload media` function. This allows authenticated attackers with Administrator-level access or higher to upload arbitrary files to the affected server, potentially leading to remote code execution.

Recommendations:

Update Make Connector to version 1.5.11 or later.