CVE-2021-24663
The CVE-2021-24663 entry concerns the Simple Schools Staff Directory WordPress plugin (versions up to 1.1). The issue is that the plugin does not validate uploaded logo images to confirm they are images, allowing high-privilege users (e.g., admins) to upload arbitrary files such as PHP code, whic...