The AJAX sif_upload_file allowed the authorised extensions to be provided in the request, which result in unauthenticated arbitrary file upload and lead to RCE
/wp-admin/admin-ajax.php?action=sif_upload_file
UPLOAD
John Castro
Pagely
Yes
2021-01-19 (about 2 years ago)
2021-01-19 (about 2 years ago)
2021-01-20 (about 2 years ago)