Recently, our firewall plugin blocked an attempt on one of our websites that appeared to be trying to exploit a vulnerability that would allow an attacker to upload a .php file to a website. We were able to trace that back to a vulnerability in the plugin Startklar Elementor Addons.

The logging for the block attempt showed that the attempt was trying to access an AJAX accessible function in a WordPress plugin that would be accessed with the action set to startklar_drop_zone_upload_process. That plugin makes a function named process() accessible through that to those logged in to WordPress as well as those not logged in: [Read more]