CRITICAL
prosolution
CVE published 2026-05-20
CVE-2026-6555
The ProSolution WP Client plugin for WordPress contains a critical arbitrary file upload vulnerability affecting versions up to and including 2.0.0. The flaw stems from an array validation mismatch in the file upload handling logic: only the first file in a multi-file upload array undergoes extension and MIME type validation, while all files in the array are subsequently processed and uploaded to a web-ac [truncated]