ProSolution WP Client Arbitrary File Upload Vulnerability Allowing Remote Code Execution

Vulnerability

A vulnerability in the ProSolution WP Client plugin for WordPress, present in all versions through 1.9.9, allows for arbitrary file uploads. This issue arises from inadequate file type validation in the 'proSol_fileUploadProcess' function. As a result, unauthenticated attackers can upload arbitrary files to the affected site's server, potentially leading to remote code execution.

Impact

Exploitation of this vulnerability could result in unauthorized file uploads, with the potential for remote code execution on the server.

Reproduction

To reproduce this vulnerability, upload a file through the 'proSol_fileUploadProcess' function, which does not properly validate the file type. This can be done by bypassing the whitelisted file extensions and MIME types.

Remediation

Users are advised to update the ProSolution WP Client plugin to version 2.0.0 or later.
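For anyone reviewing their own upload handlers in light of this advisory, the following added example (not the plugin's code, and not taken from the vendor's fix) shows server-side file type validation that checks the extension, the declared MIME type and the file content together. It is written in Python so it runs stand-alone; the allowlist and the names validate_upload and storage_name are assumptions made for illustration.

```python
import os
import secrets

# Assumed allowlist (not the plugin's): extension -> (MIME type, leading magic bytes).
ALLOWED = {
    "pdf": ("application/pdf", b"%PDF-"),
    "png": ("image/png", b"\x89PNG\r\n\x1a\n"),
    "jpg": ("image/jpeg", b"\xff\xd8\xff"),
    "jpeg": ("image/jpeg", b"\xff\xd8\xff"),
}

def validate_upload(filename, declared_mime, data):
    """Return (ok, reason) for one upload; hypothetical helper."""
    # Drop any client-supplied directory part, Windows or POSIX style.
    name = os.path.basename(filename.replace("\\", "/")).lower()
    parts = name.split(".")
    # Exactly one extension: rejects 'noext', '.pdf' and 'cv.php.pdf'.
    if len(parts) != 2 or not parts[0]:
        return False, "filename must be <stem>.<ext>"
    ext = parts[1]
    if ext not in ALLOWED:
        return False, "extension not on allowlist"
    mime, magic = ALLOWED[ext]
    # The Content-Type header is client-controlled: necessary, never sufficient.
    if declared_mime != mime:
        return False, "declared type does not match extension"
    # Check what the bytes are, not what the client says they are.
    if not data.startswith(magic):
        return False, "content does not match extension"
    return True, "ok"

def storage_name(filename):
    """Server-generated name that keeps only the already validated extension."""
    ext = filename.rsplit(".", 1)[1].lower()
    return secrets.token_hex(16) + "." + ext

if __name__ == "__main__":
    # Constructed sample uploads: (filename, declared MIME type, first bytes).
    samples = [
        ("cv.pdf", "application/pdf", b"%PDF-1.7\n"),
        ("cv.php", "application/pdf", b"%PDF-1.7\n"),
        ("cv.php.pdf", "application/pdf", b"%PDF-1.7\n"),
        ("cv.pdf", "application/pdf", b"<?php echo 1; ?>"),
    ]
    for s in samples:
        print(s[0], validate_upload(*s))
```

A magic-byte match does not prove a file is harmless, so uploads should still be stored under a server-generated name in a location where the web server does not execute scripts.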

Added: Apr 8, 2026, 8:41 PM
Updated: Apr 8, 2026, 8:41 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.0
remediation: 0.0
relevance: 5.5
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.