wpvulndb | Dmitrii Ignatyev | WPVDB-ID:ECCD017C-E442-46B6-B5E6-AEC7BBD5F836
History: May 14, 2024 - 12:00 a.m.

Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE

2024-05-14 00:00:00
Dmitrii Ignatyev
wpscan.com
10
wordpress
insert
embed
vulnerability
rce
articulate content
zip files
malicious code
server

AI Score: 6.5
Confidence: High
EPSS: 0
Percentile: 9.0%

Description: The plugin does not properly filter which file extensions may be imported onto the server, allowing malicious code to be uploaded inside zip files.

PoC

Note: This must be tested on a web server running Apache.

1) Create a new post.
2) Add an e-Learning block to the post and upload a zip file containing a blank HTML file (e.g. main.html) and a Phar file named cmd.phar. In cmd.phar, add the contents ``. Malicious .htaccess files work too.
3) After uploading, browse to http://example.com//wp-content/uploads/articulate_uploads/__ZIP_NAME_HERE__/cmd.phar?cmd=ls
4) You will see a listing of contents using the ls command.
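The root cause above is that archive contents are extracted without an extension allowlist. The following is an added example (not the plugin's code, written in Python rather than PHP for illustration) of the pre-extraction check a fix needs: every extension component of each entry must be allowlisted, so cmd.phar, .htaccess and double-extension names such as story.php.html are all rejected. The allowlist itself is an assumption about typical Articulate HTML5 output and the sample archive is constructed here.

```python
import io
import posixpath
import zipfile

# Assumed allowlist of extensions found in Articulate HTML5 output; tune per deployment
ALLOWED_EXTENSIONS = {
    "html", "htm", "js", "css", "json", "xml", "txt",
    "png", "jpg", "jpeg", "gif", "svg", "ico",
    "mp3", "mp4", "webm", "ogg", "woff", "woff2", "ttf", "eot",
}


def entry_problems(name: str) -> list[str]:
    """Return the reasons a zip entry name must be rejected (empty list = acceptable)."""
    problems = []
    norm = name.replace("\\", "/")
    if norm.startswith("/") or ".." in norm.split("/"):
        problems.append("path escapes the extraction directory")
    if norm.endswith("/"):
        return problems  # directory entry: nothing further to check
    base = posixpath.basename(norm)
    if base.startswith("."):
        problems.append("dotfile such as .htaccess is not allowed")
        return problems
    parts = base.split(".")
    if len(parts) < 2:
        problems.append("file has no extension")
        return problems
    # Apache mod_mime can act on *every* extension, so each component must be allowlisted
    for ext in parts[1:]:
        if ext.lower() not in ALLOWED_EXTENSIONS:
            problems.append(f"extension '.{ext}' is not in the allowlist")
    return problems


def validate_zip(data: bytes) -> dict[str, list[str]]:
    """Map each offending entry to its problems; an empty dict means the archive may be extracted."""
    rejected = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            probs = entry_problems(info.filename)
            if probs:
                rejected[info.filename] = probs
    return rejected


def build_sample_zip() -> bytes:
    """Constructed sample mirroring the advisory: blank main.html beside cmd.phar and .htaccess."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("course/main.html", "")
        zf.writestr("course/cmd.phar", "PLACEHOLDER")  # payload deliberately omitted
        zf.writestr("course/.htaccess", "")
        zf.writestr("course/story.php.html", "")
    return buf.getvalue()
```

Run the check before any entry is written to wp-content/uploads; if `validate_zip` returns a non-empty dict, discard the whole archive rather than extracting the "good" entries.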
