WordPress Helios Solutions Brand Logo Slider plugin <= 2.1 - Authenticated Arbitrary File Upload vulnerability

Authenticated Arbitrary File Upload vulnerability found by Net-Hunter in WordPress Helios Solutions Brand Logo Slider plugin versions = 2.1. Solution 2020-12-03 - we found only notification from wordpress.org plugin repository "This plugin has been closed as of October 21, 2020 and is not availab...

Helios Solutions Brand Logo Slider <= 2.1 - Authenticated Arbitrary File Upload

An Authenticated user admin+ can bypass the security check of the plugin and upload arbitrary files via the Brand Logo. PoC The PoC will be displayed once the issue has been remediated...