Posts

How to Fix WordPress WPLMS theme privilege escalation vulnerability

Vulnerability Description: The vulnerable code is located in /includes/func.php. The function import_data is registered as an AJAX action, so any logged-in user can call and execute it. This can lead to modifying WordPress settings and adding a new administrator, which may result in a full takeover of the site.

add_action( 'wp_ajax_import_data', 'import_data' );
function import_data(){
    $name = stripslashes($_POST['name']);
    $code = base64_decode(trim($_POST['code']));
    if(is_string($code)) […]
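One way to gate the import_data handler quoted above until the theme itself is patched. This is an added example, not code from the original post or from the WPLMS theme. It assumes the file is installed as a must-use plugin, that the theme registers its hook before 'init' fires, and that 'manage_options' is the right capability for the import; guarded_import_data is a hypothetical name.

```php
<?php
// Added example (not theme code). Assumption: saved as a must-use plugin,
// e.g. a file under wp-content/mu-plugins/.

add_action( 'init', function () {
    // The theme has loaded by 'init', so its wp_ajax_import_data hook exists.
    // Swap the unguarded handler for the guarded wrapper (same default priority).
    remove_action( 'wp_ajax_import_data', 'import_data' );
    add_action( 'wp_ajax_import_data', 'guarded_import_data' );
} );

// Hypothetical wrapper name. Runs the checks the original handler lacks.
function guarded_import_data() {
    // wp_ajax_* only proves the caller is logged in (any role, subscribers
    // included). Require an administrator-level capability (assumed here).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // Reject a missing, non-string or malformed 'code' field. Strict mode makes
    // base64_decode() return false on invalid input instead of a garbage string.
    $raw = ( isset( $_POST['code'] ) && is_string( $_POST['code'] ) )
        ? trim( $_POST['code'] )
        : '';
    if ( '' === $raw || false === base64_decode( $raw, true ) ) {
        wp_send_json_error( array( 'message' => 'Invalid payload' ), 400 );
    }

    // Authorized and well-formed: hand over to the theme's original handler.
    if ( function_exists( 'import_data' ) ) {
        import_data();
    }
    wp_die();
}
```

The wrapper does not add a nonce check because the theme's client-side code would have to send one; once it does, a check_ajax_referer() call belongs before the capability check.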