CVE-2017-16871
The CVE-2017-16871 entry concerns the WordPress UpdraftPlus plugin (versions up to 1.13.12). A race condition in the plupload_action function, before deleting a file tied to the name parameter in /wp-content/plugins/updraftplus/admin.php, allows remote PHP code execution. The vendor notes this do...