EUVD-2026-20531
GHSA-58qw-hm39-96q8
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Tags
Description
The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'proSol_fileUploadProcess' function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Analysis
Unauthenticated arbitrary file upload in ProSolution WP Client plugin (≤1.9.9) enables attackers to upload executable files without validation via the 'proSol_fileUploadProcess' function, leading to remote code execution on WordPress servers. Critical severity (CVSS 9.8) with network-accessible attack vector requiring no authentication or user interaction. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Immediately disable and deactivate ProSolution WP Client plugin on all WordPress installations; audit server logs for suspicious file uploads to wp-content/uploads and plugin directories since plugin deployment. Within 7 days: Remove the plugin entirely and replace with alternative functionality; scan all uploaded files for webshells or malicious executables; review WordPress user accounts for unauthorized administrative access created during potential exploitation window. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today