CVE-2018-19370
The CVE-2018-19370 entry concerns Yoast SEO (wordpress-seo) plugin for WordPress, specifically versions before 9.2.0. A race-condition in unzip_file (admin/import/class-import-settings.php) allows an SEO Manager to execute OS commands via a ZIP import. Public sources in the connected documents co...