CVE-2026-5411
Google · Advanced Google reCAPTCHA (WP Captcha PRO)
An arbitrary file upload vulnerability in the WordPress WP Captcha PRO plugin allows authenticated attackers to execute arbitrary code on the server.
Executive summary
A severe arbitrary file upload vulnerability in the WP Captcha PRO plugin enables remote code execution by authenticated attackers.
Vulnerability
The flaw stems from insufficient capability checks in the save_ajax() function and unrestricted file extraction in sync_cloud_protection(), allowing attackers to upload malicious PHP shells.
Business impact
The ability to upload and execute arbitrary files grants an attacker complete control over the web server. Rated CVSS 8.8, the flaw facilitates full system compromise, database access, and the ability to pivot into the internal network.
Remediation
Immediate Action: Remove the affected plugin from the WordPress installation to prevent potential remote code execution.
Proactive Monitoring: Scan the server's file system for unauthorized PHP files or web shells, particularly in the plugin's upload directories.
Compensating Controls: Restrict file permissions on the web server to prevent the execution of scripts in upload directories and deploy a WAF to inspect incoming file upload requests.
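The two controls above (scanning upload directories for web shells, and refusing to execute scripts in them) can be reduced to a small POSIX shell routine. The following is an added defensive example written for this advisory, not code from the plugin or its vendor; the directory layout, file names and the `wp-captcha-pro` subfolder are constructed sample data, and the `.htaccess` block assumes an Apache 2.4 front end with `AllowOverride` permitting `FilesMatch` directives.

```shell
#!/bin/sh
# Added example (not part of the advisory): find PHP-executable files hidden in a
# WordPress uploads tree and drop an Apache .htaccess that refuses to serve them.

# scan_uploads DIR -> prints each suspicious path; returns 0 if none, 1 otherwise.
scan_uploads() {
    dir="$1"
    # Match the extensions PHP handlers commonly serve (.php, .php5, .phtml, .phar)
    # plus double extensions such as shell.php.png, a classic upload-filter bypass.
    found=$(find "$dir" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
        -o -iname '*.phtml' -o -iname '*.phar' -o -iname '*.php.*' \) 2>/dev/null)
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found"
    return 1
}

# count_suspicious DIR -> prints how many suspicious files were found (always exits 0).
count_suspicious() {
    scan_uploads "$1" | grep -c . || true
}

# write_deny_htaccess DIR -> creates DIR/.htaccess blocking script files (Apache 2.4 syntax).
write_deny_htaccess() {
    cat > "$1/.htaccess" <<'EOF'
# Deny direct requests to script files anywhere under the uploads tree
<FilesMatch "\.(php[0-9]?|phtml|phar)$">
    Require all denied
</FilesMatch>
EOF
}

# make_sample_tree -> builds a constructed demo tree in a temp dir and prints its path.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/2024/05" "$root/wp-captcha-pro"   # hypothetical plugin upload folder
    : > "$root/2024/05/photo.jpg"                     # legitimate upload
    : > "$root/2024/05/shell.php"                     # obvious web shell name
    : > "$root/wp-captcha-pro/backup.php.png"         # double extension
    : > "$root/wp-captcha-pro/cfg.phtml"              # alternate PHP extension
    printf '%s\n' "$root"
}

# Stand-alone run: scan the constructed tree, then harden it.
if [ "${0##*/}" != "sh" ] && [ -z "$UPLOAD_SCAN_LIB" ]; then
    sample=$(make_sample_tree)
    echo "Scanning $sample"
    scan_uploads "$sample" || echo "Found $(count_suspicious "$sample") suspicious file(s)"
    write_deny_htaccess "$sample"
    echo "Wrote $sample/.htaccess"
    rm -rf "$sample"
fi
```

Run it as `sh scan_uploads.sh` to see the demo tree flagged, or source it with `UPLOAD_SCAN_LIB=1` and call `scan_uploads /var/www/html/wp-content/uploads` against a real site. Any hit in an uploads tree warrants the audit the advisory recommends; the `.htaccess` is a stop-gap that blocks execution but does not remove the file, so the scan result should still be investigated.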
Exploitation status
Public Exploit Available: true
Analyst recommendation
This vulnerability is critical due to the potential for total server compromise. Administrators are urged to remove the vulnerable plugin and perform a thorough security audit of their WordPress environment to identify any signs of prior exploitation.