Description
WordPress Plugin Simple:Press is prone to security bypass and arbitrary file upload vulnerabilities. Attackers can leverage these issues to bypass certain security restrictions and to upload and execute arbitrary code in the context of the application. WordPress Plugin Simple:Press versions prior to 4.1.3 are vulnerable.
Remediation
Update to plugin version 4.1.3 or latest
References
Related Vulnerabilities
WordPress Plugin Event Calendar WD-Responsive Event Calendar Cross-Site Scripting (1.1.44)
WordPress 6.3.x Multiple Vulnerabilities (6.3 - 6.3.4)
Drupal Core 5.x Cross-Site Scripting (5.0 - 5.16)
Apache Tomcat Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2021-41079)
WordPress Plugin WP Database Backup Unspecified Vulnerability (4.1)