CVE-2019-15866 - Crelly Slider Project Crelly Slider
Critical 8.8
The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider.
Affected software
Crelly Slider Project Crelly Slider