woocommerce upload files vulnerabilities and exploits
668
VMScore
CVE-2021-24171
The WooCommerce Upload Files WordPress plugin prior to 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked"...
Woocommerce Upload Files
383
VMScore
CVE-2022-29425
Cross-Site Scripting (XSS) vulnerability in WP Wham's Checkout Files Upload for WooCommerce plugin <= 2.1.2 at WordPress.
Wpwham Checkout Files Upload For Woocommerce
NA
CVE-2022-4395
The Membership For WooCommerce WordPress plugin prior to 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.
Wpswings Membership For Woocommerce
1 Github repository
668
VMScore
CVE-2021-24212
The WooCommerce Help Scout WordPress plugin prior to 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp.
Woocommerce Help Scout
NA
CVE-2022-4047
The Return Refund and Exchange For WooCommerce WordPress plugin prior to 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as PHP and lead to RCE
Wpswings Return Refund And Exchange For Woocommerce
2 Github repositories
NA
CVE-2022-4328
The WooCommerce Checkout Field Manager WordPress plugin prior to 18.0 does not validate files to be uploaded, which could allow unauthenticated malicious users to upload arbitrary files such as PHP on the server
Najeebmedia Woocommerce Checkout Field Manager
NA
CVE-2022-3537
The Role Based Pricing for WooCommerce WordPress plugin prior to 1.6.2 does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP
Addify Role Based Pricing For Woocommerce
NA
CVE-2023-6979
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to, and including, 5.38.9. This makes it possible for authenticated attackers, with ...
Cusrev Customer Reviews For Woocommerce
NA
CVE-2023-0080
The Customer Reviews for WooCommerce WordPress plugin prior to 5.16.0 does not validate one of its shortcode attributes, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files an...
Cusrev Customer Reviews For Woocommerce
NA
CVE-2023-5957
The Ni Purchase Order(PO) For WooCommerce WordPress plugin up to and including 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing a high-privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading ...
Naziinfotech Ni Purchase Order(po) For Woocommerce