CVE-2016-20075
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk24th percentile - higher than 24% of all known CVEs
Summary
The WordPress Ultimate Product Catalog plugin version 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality.
Risk Assessment
Attackers can upload PHP shells, allowing them to execute arbitrary code on the server, which poses a serious security threat to the system.
Recommendation
It is recommended to update the plugin to the latest version and restrict file upload permissions to trusted roles only.
Original NVD description (English source)
WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the Products tab custom file field and access them via the upcp-product-file-uploads directory to execute arbitrary code on the server.

