Attackers could use the Unauthenticated Arbitrary Post Creation issue (https://wpscan.com/vulnerability/d3ef5644-1044-492f-ac23-ea90b32f1e77) to also upload a PHP file via the cfp_upload_image() function which fails to properly verify that the file provided is an image.
UPLOAD
2021-01-20 (about 1 years ago)
2021-01-20 (about 1 years ago)
2021-01-21 (about 1 years ago)