Description The theme is vulnerable to arbitrary file uploads due to missing file type validation when extracting zip files in the ‘process_upload’ and ‘regenerate_icon_files’ functions. This makes it possible for authenticated attackers with author permissions to upload arbitrary files on the affected site’s server which may make remote code execution possible