EPSS
Percentile
99.3%
An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata.
blog.ripstech.com/2019/wordpress-image-remote-code-execution/
www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce