1. Description:
----------------------
WordPress Plugin Advanced Uploader <=4.2 allows authenticated arbitrary file upload. Files of any type can be uploaded, so a malicious authenticated user can achieve remote code execution on the backend web server.

2. Proof of Concept:
----------------------
- Upload a file (webshell/backdoor) with the Advanced Uploader plugin;
- The file is added to the WordPress Media Library;
- Go to /wp-content/uploads/, where the file is saved;
- Open the uploaded file so that the web server runs it (RCE, reverse shell).
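
For defenders checking whether a site was affected, the script below audits an uploads tree for files a PHP-enabled web server could execute. It is an added example, not part of the original advisory or the plugin's code; the extension list, the function names and the sample tree are assumptions constructed for illustration. Point audit_uploads() at the real wp-content/uploads directory to use it.

```python
import os
import tempfile

# Assumption: extensions a PHP-enabled web server is commonly set to execute.
EXEC_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}

def classify(path):
    """Return a reason string if the file looks server-executable, else None."""
    name = os.path.basename(path).lower()
    exts = name.split(".")[1:]  # every extension, not only the last one
    if exts and exts[-1] in EXEC_EXTS:
        return "executable extension"
    if any(e in EXEC_EXTS for e in exts[:-1]):
        return "executable extension before final extension"
    with open(path, "rb") as fh:
        if b"<?php" in fh.read(65536):
            return "PHP open tag in non-PHP file"
    return None

def audit_uploads(root):
    """Walk the uploads tree and return sorted (relative_path, reason) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            reason = classify(full)
            if reason:
                findings.append((os.path.relpath(full, root), reason))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample data standing in for wp-content/uploads."""
    root = tempfile.mkdtemp()
    samples = {
        "2024/01/photo.jpg": b"\xff\xd8\xff\xe0 constructed jpeg bytes",
        "2024/01/report.php": b"<?php /* constructed placeholder */ ?>",
        "2024/01/avatar.php.png": b"constructed",
        "2024/01/banner.gif": b"GIF89a <?php /* constructed */ ?>",
    }
    for rel, data in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    for rel, reason in audit_uploads(build_sample_tree()):
        print(f"{rel}: {reason}")
```

Any finding in a directory the web server serves deserves review, and configuring the server not to execute scripts under the uploads directory removes the execution step regardless of what gets uploaded.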