An Authenticated user (admin+) can bypass the security check of the plugin and upload arbitrary files via the Brand Logo.
The PoC will be displayed once the issue has been remediated
UPLOAD
2020-10-21 (about 2 years ago)
2020-10-21 (about 2 years ago)
2020-11-03 (about 2 years ago)