Description The Olive One Click Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the olive_one_click_demo_import_save_file function in versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with administrator-level privileges and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible.