Prevent files / folders access < 2.5.2 is vulnerable to Admin+ Arbitrary File Upload

Administrator
Published: 2023-08-31

The Prevent files / folders access plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mo_media_restrict_page function in versions up to, and including, 2.5.1. This makes it possible for authenticated attackers, with administrator-level privileges and above, to upload arbitrary files to the affected site's server, which may make remote code execution possible.

CVSS

Score: 7.2

Severity: High

Version: < 2.5.2

There is a patch available in v2.5.2 and we strongly recommend you update to this version as soon as possible.