Report
Multiple themes for WordPress by Themify Themes are vulnerable to arbitrary file uploads due to missing file type validation in various versions. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Score:9.9
Severity:Critical
Version: 1.9.6
The plugin vendor has not patched this vulnerability at the moment.
