CVE-2026-1306
WordPress · midi-Synth Plugin
The midi-Synth WordPress plugin allows unauthenticated arbitrary file uploads via the 'export' AJAX action; the nonce meant to protect that action is exposed in frontend JavaScript, so the upload can lead to remote code execution.
Executive summary
The midi-Synth plugin for WordPress contains a critical file upload vulnerability that allows unauthenticated attackers to execute arbitrary code on the host server.
Vulnerability
The plugin fails to validate file types and extensions in its 'export' AJAX action. A nonce is required, but it is exposed in frontend JavaScript, so unauthenticated attackers can obtain it and submit malicious file uploads.
Business impact
Successful exploitation allows an attacker to upload web shells, leading to full server compromise and Remote Code Execution (RCE). This could result in the theft of sensitive site data, installation of malware, or the use of the server as a pivot point for further network attacks. The CVSS score of 9.8 reflects the critical risk to the underlying infrastructure.
Remediation
Immediate Action: Deactivate and remove the midi-Synth plugin until a patched version higher than 1.1.0 is verified and installed.
Proactive Monitoring: Inspect the WordPress 'uploads' directory for suspicious PHP files or scripts and review server logs for unusual POST requests to the admin-ajax.php endpoint.
Compensating Controls: Deploy a Web Application Firewall (WAF) with rules designed to block the upload of executable file types to non-standard directories.
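The two monitoring checks above as a script, added here as an example that is not part of the advisory or the plugin: it flags PHP-capable files under wp-content/uploads (including double extensions and files whose content starts with a PHP open tag) and parses Apache-style access-log lines for POSTs to admin-ajax.php and, going one step beyond the advisory, for any request that reaches a PHP file under uploads. It assumes the 'export' action is passed as the standard WordPress 'action' parameter; the log lines are constructed samples.

```python
import re
from pathlib import Path

# Constructed sample access-log lines (Apache combined format), not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2026:12:00:01 +0000] "GET /wp-content/themes/x/style.css HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2026:12:00:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 43 "-" "python-requests/2.31"
198.51.100.4 - - [10/Jan/2026:12:01:00 +0000] "POST /wp-admin/admin-ajax.php?action=export HTTP/1.1" 200 88 "-" "curl/8.4.0"
198.51.100.4 - - [10/Jan/2026:12:01:02 +0000] "GET /wp-content/uploads/2026/01/x.php HTTP/1.1" 200 12 "-" "curl/8.4.0"
"""
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
# Extensions a typical PHP handler will execute; none of them belong under wp-content/uploads.
PHP_EXTENSIONS = {".php", ".phtml", ".phar", ".php5", ".php7"}

def classify_upload(rel_path, head):
    """Return why an uploads entry looks executable, or None; every suffix is checked so name.php.jpg is caught."""
    if any(s.lower() in PHP_EXTENSIONS for s in Path(rel_path).suffixes):
        return "php-extension"
    if b"<?php" in head or b"<?=" in head:
        return "php-open-tag"
    return None

def scan_uploads(root):
    """Walk the uploads directory and return (relative path, reason) for each suspicious file."""
    findings = []
    for p in root.rglob("*"):
        if p.is_file():
            head = p.open("rb").read(1024)  # only the first bytes are needed for the open-tag check
            reason = classify_upload(str(p.relative_to(root)), head)
            if reason:
                findings.append((str(p.relative_to(root)), reason))
    return findings

def flag_log_lines(log_text):
    """Flag POSTs to admin-ajax.php (the abused endpoint) and requests reaching a PHP file under uploads.
    The AJAX 'action' normally travels in the POST body, which access logs omit, so only a query-string action matches."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        method, path = m["method"], m["path"]
        reason = None
        if method == "POST" and "/admin-ajax.php" in path:
            reason = "ajax-post-export" if "action=export" in path else "ajax-post"
        elif "/wp-content/uploads/" in path and classify_upload(path.split("?")[0], b""):
            reason = "php-under-uploads-requested"
        if reason:
            hits.append({"ip": m["ip"], "ts": m["ts"], "path": path, "reason": reason})
    return hits
```

Run scan_uploads(Path("wp-content/uploads")) from the WordPress root and feed flag_log_lines the web server's access log; plain "ajax-post" hits are normal WordPress traffic, so correlate them by source IP and timing with the other two reasons.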
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the potential for unauthenticated Remote Code Execution, this vulnerability requires immediate attention. Administrators should prioritize removing the plugin or updating to a secure version to prevent total site compromise.