NVD CRITICAL: CVE-2026-6555 — The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File U...

Wednesday, May 20, 2026 at 02:16 AM UTC·Source: NIST NVD

Updated: Wednesday, May 20, 2026 at 03:00 AM UTC

Executive Summary

The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validation mismatch where only the first file in the upload array undergoes extension and MIME type validation, while all files are processed and uploaded to a web-accessible directory. This makes it possible for unauthenticated attackers to upload

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-6555

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on May 20, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityNEW

Ripjar reports 40% ARR growth and secures additional investment

Ripjar, the AI-native provider of smarter screening solutions, has announced a 40% increase in annual recurring revenues over the last 12 months.

Just nowFinextra

MEDIUMVulnerabilityNEW

Mastercard fires shots at fake online storefronts

Mastercard has launched Merchant Trust Services, built to help banks and payment providers identify and stop scams generated by fake online storefronts.

Just nowFinextra

MEDIUMVulnerabilityNEW

Kaiko acquires DeFi blockchain firm Cometh

Kaiko, the global leader in market data, analytics, indices, and onchain data infrastructure for digital assets, today announced the acquisition of Cometh, a MiCA/CASP-licensed European provider of regulated financial services specialising in decentralised finance infrastructure

Just nowFinextra