Remote Code Execution (RCE)

yoast/wordpress-seo is vulnerable to remote code execution. An SEO Manager is able to execute arbitrary OS commands via a ZIP import through a race condition vulnerability in unzip_file in admin/import/class-import-settings.php.