cleantalk
Vulnerabilities and Security Researches

ProSolution WP Client, CVE-2026-2942

CVE, Research URL

CVE-2026-2942

Home page URL

Security reports for ProSolution WP Client

Application

ProSolution WP Client

Published on
Apr 09, 2026
Research Description
The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'proSol_fileUploadProcess' function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
max 2.0.0.
Status
vulnerable
Previous vulnerability researches
Verge3D Publishing and E-Commerce (CVE-2025-22709) , Jan 19, 2025
Verge3D Publishing and E-Commerce (CVE-2025-30833) , Apr 02, 2025
Verge3D Publishing and E-Commerce (CVE-2025-48241) , May 24, 2025
Verge3D Publishing and E-Commerce (CVE-2023-51421) , Jun 06, 2024
Verge3D Publishing and E-Commerce (CVE-2023-51420) , Jun 06, 2024
New vulnerability
Percent to Infograph (CVE-2026-1939) , Apr 16, 2026
Magic Login Mail (CVE-2026-2144) , Apr 16, 2026
PostmarkApp Email Integrator (CVE-2026-1043) , Apr 16, 2026
Name Directory (CVE-2026-1866) , Apr 15, 2026
Name Directory (CVE-2026-3178) , Apr 15, 2026