PT-2026-42070 · WordPress · Prosolution Wp Client
Published: 2026-05-20 · Updated: 2026-05-20 · CVE-2026-6555
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ProSolution WP Client versions prior to 2.0.1
Description
The ProSolution WP Client plugin for WordPress allows unauthenticated attackers to upload malicious PHP files, potentially leading to remote code execution. This occurs due to an array validation mismatch where the system only validates the extension and MIME type of the first file in an upload array, while all subsequent files are processed and uploaded to a web-accessible directory. An attacker can exploit this by sending a valid file first, followed by a malicious one.
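The mismatch described above, shown as an added example that is not the plugin's own code: a check that inspects only the first entry of a multi-file upload array, next to one that validates every entry and rejects the whole batch on any failure. The function names, the allow-list, and the sample batch are hypothetical and constructed for illustration; the array layout is PHP's standard multi-file `$_FILES` shape.

```php
<?php
// Added example: not the plugin's code. Allow-list and sample batch are constructed.

/** Flawed pattern from the description: only index 0 is inspected. */
function first_file_only_ok(array $files, array $allowed): bool
{
    $ext = strtolower(pathinfo($files['name'][0], PATHINFO_EXTENSION));
    return array_key_exists($ext, $allowed);
}

/** Hardened: every entry must pass, or the whole batch is rejected. */
function all_files_ok(array $files, array $allowed, callable $mimeOf): bool
{
    // Normalise so a single-file upload is handled like a one-element batch.
    $names = (array) ($files['name'] ?? []);
    $tmps  = (array) ($files['tmp_name'] ?? []);
    $errs  = (array) ($files['error'] ?? []);
    if ($names === []) {
        return false;
    }
    foreach ($names as $i => $name) {
        if (($errs[$i] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !isset($tmps[$i])) {
            return false;
        }
        $ext = strtolower(pathinfo((string) $name, PATHINFO_EXTENSION));
        if (!array_key_exists($ext, $allowed)) {
            return false;
        }
        // The content-based MIME type must match the type expected for the extension.
        if ($mimeOf($tmps[$i]) !== $allowed[$ext]) {
            return false;
        }
    }
    return true;
}

$allowed = ['png' => 'image/png', 'pdf' => 'application/pdf'];

// Constructed batch: an allowed first entry followed by a disallowed one.
$batch = [
    'name'     => ['logo.png', 'notes.php'],
    'tmp_name' => ['/tmp/a', '/tmp/b'],
    'error'    => [UPLOAD_ERR_OK, UPLOAD_ERR_OK],
];
// Stub detector for the demo. A real handler would use
// (new finfo(FILEINFO_MIME_TYPE))->file($path) and also check is_uploaded_file($path).
$mimeOf = fn(string $p): string => $p === '/tmp/a' ? 'image/png' : 'text/x-php';

// Run both checks against the same batch to compare their verdicts.
var_dump(first_file_only_ok($batch, $allowed));
var_dump(all_files_ok($batch, $allowed, $mimeOf));
```

Storing uploads outside the web root, or in a directory where script execution is disabled, limits the impact if a validation gap like this one is ever reintroduced.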
Recommendations
Update the plugin to a version later than 2.0.0.
Fix
Unrestricted File Upload
Affected Products
Prosolution Wp Client