CVE-2022-0537 MapPress Maps for WordPress < 2.73.13 - Admin+ File Upload to Remote Code Execution
The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOWFILEEDIT and DISALLOWFILEMODS settings and upload arbitrary files to the site through the "ajaxsave" function. The file is written relative to the current 's stylesheet directory, and a .php...