Description
The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validation mismatch where only the first file in the upload array undergoes extension and MIME type validation, while all files are processed and uploaded to a web-accessible directory. This makes it possible for unauthenticated attackers to upload malicious PHP files and achieve remote code execution by sending a valid first file followed by a malicious file.
Published: 2026-05-20
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The ProSolution WP Client plugin validates only the first file in a multi-file upload array but writes every submitted file to a web-accessible directory. An attacker sends a benign first file that passes the extension and MIME type checks, followed by a PHP script that is stored without any check, then requests that script to execute code as the web server user. That is a complete compromise of the WordPress site: the attacker can read and modify its files and database credentials, install further backdoors, and use the host as a foothold.

Affected Systems

WordPress sites running the ProSolution WP Client plugin in any version up to and including 2.0.0 are affected; no release in that range is safe, and the advisory records no fixed release (see Remediation). The vulnerability lies in the plugin's UploadHandler and public class components, which expose the upload endpoint to unauthenticated traffic.

Risk and Exploitability

The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, score 9.8) describes a network-reachable flaw that needs no privileges and no user interaction: a single unauthenticated multipart POST to the upload endpoint suffices, so any visitor to a public WordPress installation is a viable attacker. The EPSS score is below 1%, which says only that the model has not yet seen exploitation signals for a CVE published the same day; the SSVC assessment (Automatable: yes, Technical Impact: total) and the absence of a KEV listing should not be read as low risk, since unauthenticated upload-to-RCE bugs in WordPress plugins are a frequent target of automated exploitation shortly after disclosure. Validating only the first element of the file array is the classic CWE-434 (Unrestricted Upload of File with Dangerous Type) failure: the check exists, but it does not cover every file that is written.
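The mismatch described above, shown as an added example rather than the plugin's own code: PHP hands a multi-file field (`<input name="files[]" multiple>`) to the script as parallel arrays, so a handler that checks index 0 and then loops over every tmp_name validates exactly one file. The vulnerable function reproduces that shape; the hardened one normalises the arrays into per-file records, checks each against an extension allow-list and a content-sniffed MIME type, and rejects the whole batch on any failure. The field name 'files' comes from the advisory title; the allow-list, the function names and the two constructed uploads are assumptions for the demonstration (PHP 7.4 or later, for the arrow function and the finfo class). The functions return the names they would store instead of calling move_uploaded_file(), so the logic runs offline.

```php
<?php
declare(strict_types=1);

// Added example, not the plugin's code. $_FILES['files'] for a files[] field looks like
//   ['name' => [...], 'type' => [...], 'tmp_name' => [...], 'error' => [...], 'size' => [...]]
// so "check [0], then loop over tmp_name" validates only the first upload.

// Assumed allow-list: extension => the MIME type the content must sniff as.
const ALLOWED = ['png' => 'image/png', 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'pdf' => 'application/pdf'];

// Vulnerable pattern: extension and client-supplied MIME checked at index 0, every file stored.
function store_first_checked(array $field): array
{
    $ext = strtolower(pathinfo($field['name'][0], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext]) || $field['type'][0] !== ALLOWED[$ext]) {
        return [];
    }
    $stored = [];
    foreach ($field['tmp_name'] as $i => $tmp) {
        $stored[] = basename($field['name'][$i]);   // indexes 1..n are never validated
    }
    return $stored;
}

// Reshape the parallel arrays into one record per file (a single-file field has scalars).
function normalize_files(array $field): array
{
    if (!is_array($field['name'])) {
        return [$field];
    }
    $records = [];
    foreach ($field['name'] as $i => $name) {
        $records[] = [
            'name' => $name, 'type' => $field['type'][$i], 'tmp_name' => $field['tmp_name'][$i],
            'error' => $field['error'][$i], 'size' => $field['size'][$i],
        ];
    }
    return $records;
}

// Validate one file: upload status, allow-listed extension, and the MIME type sniffed from
// the bytes on disk (never the client-supplied 'type'), which must agree with the extension.
function validate_file(array $f, finfo $finfo): bool
{
    if ($f['error'] !== UPLOAD_ERR_OK || !is_file($f['tmp_name'])) {
        return false;
    }
    $ext = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return false;
    }
    return $finfo->file($f['tmp_name']) === ALLOWED[$ext];
}

// Hardened pattern: every record is checked and the whole batch is rejected on any failure,
// so a valid first file cannot smuggle a later one. Stored names are random, not user-supplied.
function store_all_checked(array $field): array
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $records = normalize_files($field);
    foreach ($records as $f) {
        if (!validate_file($f, $finfo)) {
            return [];
        }
    }
    return array_map(
        fn(array $f) => bin2hex(random_bytes(8)) . '.' . strtolower(pathinfo($f['name'], PATHINFO_EXTENSION)),
        $records
    );
}

// Constructed input: a minimal real PNG (signature + IHDR) as file 0 and a PHP payload as
// file 1, written to temp files so the content sniffing has bytes to inspect.
$png = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($png, "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR\x00\x00\x00\x01\x00\x00\x00\x01\x08\x06\x00\x00\x00\x1f\x15\xc4\x89");
$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($php, "<?php system(\$_GET['c']);");

$files = [
    'name'     => ['avatar.png', 'shell.php'],
    'type'     => ['image/png', 'image/png'],      // the attacker controls this header too
    'tmp_name' => [$png, $php],
    'error'    => [UPLOAD_ERR_OK, UPLOAD_ERR_OK],
    'size'     => [filesize($png), filesize($php)],
];

var_dump(store_first_checked($files));   // vulnerable: both names, shell.php included
var_dump(store_all_checked($files));     // hardened: empty array, batch rejected

unlink($png);
unlink($php);
```

Run it with `php example.php`: the vulnerable function accepts both files because avatar.png satisfied the index-0 check, while the hardened one rejects the batch on shell.php. In a WordPress handler the per-file step is wp_check_filetype_and_ext() followed by wp_handle_upload() for each record; the essential point is that those calls run for every index of the array, not just the first.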

Generated by OpenCVE AI on May 20, 2026 at 03:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to a release later than 2.0.0 as soon as the vendor publishes one, after checking that its changelog confirms every entry in the 'files' array is validated; at the time of this entry no fixed release is recorded above.
  • Until then, deactivate the ProSolution WP Client plugin, and verify afterwards that the upload endpoint actually refuses requests: deactivation does not remove the plugin's PHP files from disk, so a handler that is reachable without WordPress loading it stays exposed. Deleting the plugin removes that possibility.
  • Configure the web server so that nothing in the plugin's upload directory is executed as PHP: on Apache a .htaccess rule (honoured only where AllowOverride permits it) or a <Directory> block in the vhost, on nginx a location block that denies requests for .php files under that path, since nginx ignores .htaccess entirely. Filesystem permissions do not help here, because the interpreter runs as the same user that serves the file. After the change, confirm with a harmless test file that a .php request in that directory is refused rather than executed.
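A concrete form of the third action, added here as an illustration rather than vendor-supplied configuration. The weak state is the WordPress default: nothing in the uploads tree stops Apache from handing a .php file to the interpreter. The .htaccess below refuses to serve anything that looks like a PHP file in the directory it is placed in, including double extensions such as shell.php.png that mod_mime may otherwise still pass to PHP. The directory path is an assumption; adjust it to wherever the plugin writes files.

```apacheconf
# Added example for the plugin's upload directory (Apache 2.4 syntax), not vendor configuration.
# Requires AllowOverride AuthConfig FileInfo (or All) for this .htaccess to take effect;
# alternatively put the same directives inside
#   <Directory "/var/www/html/wp-content/uploads">   (path assumed)
# in the vhost, which needs no override at all.
<FilesMatch "(?i)\.(php[0-9]?|phtml|phar)(\.|$)">
    Require all denied
</FilesMatch>
# Also strip any PHP handler or type mapping inherited from parent directories,
# so a file that slips past the name check is served as data rather than run.
RemoveHandler .php .phtml .phar
RemoveType .php .phtml .phar
```

Check it took effect by dropping a file named probe.php containing `<?php echo 'executed';` into the directory and requesting it over HTTP: a 403 means the rule is in force; the text "executed" means AllowOverride is not permitting it (or the server is nginx, which needs a location block instead). Remove the probe afterwards.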

Generated by OpenCVE AI on May 20, 2026 at 03:53 UTC.

Advisories

No advisories yet.

History

Wed, 20 May 2026 14:30:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 20 May 2026 04:15:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Prosolution
                                      Prosolution prosolution Wp Client
                                      Wordpress
                                      Wordpress wordpress
Vendors & Products                    Prosolution
                                      Prosolution prosolution Wp Client
                                      Wordpress
                                      Wordpress wordpress

Wed, 20 May 2026 02:15:00 +0000

Type          Values Removed   Values Added
Description                    The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validation mismatch where only the first file in the upload array undergoes extension and MIME type validation, while all files are processed and uploaded to a web-accessible directory. This makes it possible for unauthenticated attackers to upload malicious PHP files and achieve remote code execution by sending a valid first file followed by a malicious file.
Title                          ProSolution WP Client <= 2.0.0 - Unauthenticated Arbitrary File Upload via 'files'
Weaknesses                     CWE-434
References
Metrics                        cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Prosolution Prosolution Wp Client
Wordpress Wordpress
MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-05-20T13:15:40.373Z

Reserved: 2026-04-17T23:02:07.358Z

Link: CVE-2026-6555

Vulnrichment

Updated: 2026-05-20T13:15:37.290Z

NVD

Status: Deferred

Published: 2026-05-20T02:16:38.930

Modified: 2026-05-20T13:54:54.890

Link: CVE-2026-6555

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-20T04:00:11Z

Weaknesses