WP eMember < 10.6.6 - Admin+ Arbitrary File Upload
Description
An admin-level arbitrary file upload vulnerability in WP eMember before 10.6.6 allows unvalidated file uploads, enabling PHP code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The WordPress plugin WP eMember before version 10.6.6 does not validate the types of files uploaded by admin users. This flaw permits administrators to upload arbitrary files, including PHP scripts, to the server [1]. Affected versions are all releases prior to 10.6.6.
Exploitation
An attacker with admin-level access to the WordPress instance can exploit this vulnerability by uploading a malicious PHP file via the plugin's file upload functionality. No additional authentication or complex conditions are required beyond valid admin credentials [1].
Impact
Successful exploitation allows the attacker to achieve arbitrary code execution on the server through the uploaded PHP file. This can lead to full site compromise, data theft, server takeover, and further attacks on connected systems [1].
Mitigation
The vulnerability is fixed in version 10.6.6 of the wp-eMember plugin. Users should update to this version immediately. There is no known workaround, and the plugin is still supported. This CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of publication [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing file validation in the wp-eMember plugin's upload functionality allows arbitrary file uploads."
Attack vector
An attacker with Administrator-level access to the WordPress site can upload arbitrary files, including PHP scripts, because the plugin does not validate uploaded file types [ref_id=1]. The attacker would use the plugin's file upload feature to upload a malicious PHP file, which can then be accessed directly on the server to achieve remote code execution.
Affected code
The advisory does not specify the exact file or function responsible. The wp-eMember plugin's file upload handling logic lacks validation, allowing arbitrary file uploads [ref_id=1].
What the fix does
The advisory states the vulnerability is fixed in version 10.6.6 [ref_id=1]. No patch diff is provided, but the fix presumably adds file type validation to the upload handler to restrict uploads to safe file types and prevent arbitrary file uploads.
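The advisory gives no patch diff, so the following is an added illustration (not WP eMember's code) of the kind of allowlist validation an upload handler needs before it stores an admin-supplied file: extension allowlist, single-extension names, and a content sniff that must agree with the claimed type. The constant and function names are my own.

```php
<?php
// Added example, not taken from the wp-eMember plugin: an allowlist-based
// upload validator of the kind the 10.6.6 fix presumably introduces.

const ALLOWED_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
    'pdf'  => 'application/pdf',
];

/**
 * Decide whether an uploaded file may be stored.
 * $name is the client-supplied filename, $tmpPath the temporary file on disk.
 * Returns the sanitised filename to store under, or null if rejected.
 */
function validate_upload(string $name, string $tmpPath): ?string
{
    // Only look at the base name: drop any directory parts the client sent.
    $base = basename($name);

    // Exactly one dot: names like "file.php.png" are rejected outright.
    if (substr_count($base, '.') !== 1) {
        return null;
    }
    [$stem, $ext] = explode('.', $base);
    $ext = strtolower($ext);

    // Allowlist, never a denylist: unknown extensions (php, phtml, ...) fail here.
    if (!isset(ALLOWED_TYPES[$ext])) {
        return null;
    }

    // Sniff the real content; the client's Content-Type header is untrusted.
    $finfo    = new finfo(FILEINFO_MIME_TYPE);
    $detected = $finfo->file($tmpPath);
    if ($detected !== ALLOWED_TYPES[$ext]) {
        return null;
    }

    // Normalise the stem so nothing unexpected reaches the filesystem.
    $stem = preg_replace('/[^A-Za-z0-9_-]/', '_', $stem);
    return $stem . '.' . $ext;
}

// Constructed check: plain text that merely claims to be a PNG is rejected.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "not really a png");
var_dump(validate_upload('avatar.png', $tmp)); // NULL: content is text/plain
unlink($tmp);
```

Inside WordPress, wp_check_filetype_and_ext() performs the extension/MIME agreement check against the site's allowed MIME list, so a plugin handler should call it (or wp_handle_upload()) rather than move_uploaded_file() directly.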
Preconditions
- auth: Attacker must have Administrator-level access to the WordPress site
- config: The wp-eMember plugin must be installed and active with a version prior to 10.6.6
Reproduction
The advisory does not include reproduction steps beyond stating that admins can upload arbitrary files such as PHP [ref_id=1].
Generated on May 24, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1. wpscan.com/vulnerability/15f78aad-001c-4219-aa7e-46537e1357a2/ (MITRE; exploit; vdb-entry; technical-description)
News mentions: 0
No linked articles in our index yet.