In Ai1wm_Import_Controller::import admin priveleges ARE NOT checked.
Function is imported as action: add_action(‘wp_ajax_import’, ‘Ai1wm_Import_Controller::import’) in class-ai1wm-main-controller.php
It’s possible to use it through wp-admin/admin-ajax.php as regular user.
Using this functionality, we can send any kind of files to remote server.
Proof of Concept:
- 13-10-2014: Discovered
- 14-10-2014: Vendor notified
- 15-10-2014: Version 2.0.3 released, issue resolved