Critical Vulnerability in Swiss Toolkit For WP Plugin: Arbitrary File Upload and Potential RCE
The Swiss Toolkit For WP plugin for WordPress, versions up to and including 1.4.6, is vulnerable to arbitrary file upload due to a flawed file type validation bypass. This allows authenticated attackers with Author-level access to upload arbitrary files, potentially leading to remote code execution if the 'Enhanced Multi-Format Image Support' feature is enabled. The vulnerability has a CVSS score of 8.8, indicating high severity. Immediate patching is recommended.