CVE-2016-10955

The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking.
Source: NIST
CVE-2016-10955