Description

The plugin does not properly validate the file type in its pmpro_paypalexpress_session_vars_for_user_fields() function, which could allow any authenticated user, such as a subscriber, to upload arbitrary files to the server.

Note: Exploitation of the issue requires 2Checkout (deprecated since version 2.6) or PayPal Express to be set as the payment method, and a custom user field to have been added that, according to its settings, is visible only at profile and not at checkout.
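
An allowlist check of the kind the description says is missing, written in plain PHP as an added example. It is not the plugin's code or its fix; the function name, the allowlist and the sample files are assumptions constructed here.

```php
<?php
// Added example, not the plugin's code. ALLOWED_TYPES and
// validate_user_field_upload() are hypothetical names.
const ALLOWED_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'pdf'  => 'application/pdf',
];

// $name: client-supplied filename; $path: temporary file on disk.
// Returns a server-chosen filename, or null when the upload is rejected.
function validate_user_field_upload(string $name, string $path): ?string
{
    $base = basename(str_replace('\\', '/', $name));
    if ($base === '' || preg_match('/[\x00-\x1f]/', $base)) {
        return null;
    }
    // Strict policy: every dot-separated suffix must be allowlisted, so
    // both "photo.php.png" and "photo.png.php" are rejected.
    $parts = explode('.', strtolower($base));
    array_shift($parts);
    if ($parts === []) {
        return null;
    }
    foreach ($parts as $suffix) {
        if (!isset(ALLOWED_TYPES[$suffix])) {
            return null;
        }
    }
    $ext = end($parts);
    // The MIME type detected from the content must match the extension.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($detected !== ALLOWED_TYPES[$ext]) {
        return null;
    }
    // Random stored name: the client never controls the final path.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed samples: a minimal PNG header and a text file.
$png = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($png, "\x89PNG\r\n\x1a\n\0\0\0\x0dIHDR\0\0\0\x01\0\0\0\x01\x08\x02\0\0\0\0\0\0\0");
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "constructed sample, not an image\n");
foreach ([['photo.png', $png], ['photo.png', $txt], ['photo.php.png', $png], ['photo.phtml', $png]] as [$n, $p]) {
    printf("%-14s %s\n", $n, validate_user_field_upload($n, $p) === null ? 'rejected' : 'accepted');
}
unlink($png); unlink($txt);
```

Inside WordPress, the core helper wp_check_filetype_and_ext() performs a comparable extension and content check against the site's allowed MIME types.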