Autoptimize, CVE-2020-24948

CVE, Research URL: CVE-2020-24948
Home page URL: Security reports for Autoptimize
Application: Autoptimize
Published on: Sep 03, 2020
Research Description: The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution.
Affected versions: Min -, max 2.8.4.
Status: vulnerable