Key Information

Description

Vulnerability: WordPress Plugin Omni Secure Files 'upload.php' Arbitrary File Upload (0.1.13)
Cause: The application fails to sanitize user-supplied input adequately.
Impact: Attackers can upload arbitrary PHP code and execute it within the web server process, leading to unauthorized access or privilege escalation.
Affected Version: 0.1.13 (prior versions may also be affected)
Severity Level: High

Classification

CWE: 434
CVSS 3.0: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update
Unauthenticated File Upload

Remediation

Update to plugin version 0.1.14 or the latest version.

References

Security Focus
Exploit DB
1337day
PacketStorm Security
Secunia

Related Vulnerabilities

WordPress Plugin PostmagThemes Demo Import Arbitrary File Upload (1.0.7)
WordPress Plugin Debug Bar Unspecified Vulnerability (0.8)
WordPress 4.7.x Possible SQL Injection Vulnerability (4.7 - 4.7.6)
WordPress Plugin IP Logger Arbitrary File Upload (3.1)
LiteSpeed Web Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2333)