WordPress Classyfrieds plugin <= 3.8 - Authenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)

Authenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE) discovered by Jin Huang in WordPress Classyfrieds plugin (versions <= 3.8).

Solution

           This plugin has been closed as of December 24, 2018 and is not available for download. Reason: Guideline Violation.