Blue teamer here, I noticed today one of our users was uploading some image files to a WordPress webapp they seem to own. My team’s concern is not wasting company time, but rather anything that could threaten the security of the organization. From that perspective, does anyone know if this could be used as an attack vector? If an attacker were to exploit a vuln in either WP itself or its plugins, is there a way they may pivot into our network or gain information on it. I’m thinking no, but I also do not know a lot about WP.