CVE-2025-29009

2025-07-16

Lifecycle Timeline

CVE Published: Jul 16, 2025 - 12:15 (nvd)
Analysis Generated: Apr 01, 2026 - 17:26 (vuln.today)

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce medical-prescription-attachment-plugin-for-woocommerce allows Upload a Web Shell to a Web Server. This issue affects Medical Prescription Attachment Plugin for WooCommerce: from n/a through <= 1.2.3.

Analysis

Unrestricted file upload vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce through version 1.2.3 allows attackers to upload web shells to the server, enabling remote code execution. The plugin fails to properly validate uploaded file types, permitting dangerous executable files to be stored in web-accessible directories. No CVSS score or public exploit code has been published; however, the low EPSS score (0.11%, 29th percentile) suggests minimal exploitation probability despite the high intrinsic severity of arbitrary file upload to WordPress environments.

Technical Context

This vulnerability stems from CWE-434 (Unrestricted Upload of File with Dangerous Type), a classic WordPress plugin weakness where user-supplied file uploads bypass adequate type validation. The Medical Prescription Attachment Plugin for WooCommerce, deployed as a WordPress plugin extending WooCommerce functionality for medical prescription management, accepts file uploads without sufficiently restricting file extensions or MIME types. Attackers can exploit this to upload PHP, JSP, ASPX, or other executable files that the web server will process, leading to arbitrary code execution in the context of the WordPress application. The vulnerability affects the plugin's core upload handling mechanism, likely in request handlers that process prescription attachments without whitelisting safe file types or enforcing content-based validation.
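The two controls the paragraph above says are missing, an extension allow-list and content-based validation, are shown below in an added example. It is not code from the Webkul plugin (which is PHP); it is a stand-alone Python validator for a prescription-attachment endpoint, and every file name and byte string in it is a constructed test input. The allow-list, the magic-byte table and the helper names are this example's own choices.

```python
"""Allow-list upload validation for a prescription-attachment endpoint.

Added example, not code from the Webkul plugin. It demonstrates the checks a
CWE-434 fix needs: an allow-list of extensions, rejection of double
extensions, a file-name allow-list, and a content check against the claimed
type. All inputs used with it are constructed samples.
"""
import os
import re

# Allow-list: extension -> magic bytes the content must start with. A
# prescription attachment is an image or a PDF; nothing else is accepted.
ALLOWED_TYPES = {
    "pdf": (b"%PDF-",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
}

# Extensions a web server may hand to a script engine if the file lands
# under the web root. Checked first so the rejection reason is explicit.
DANGEROUS_EXTENSIONS = {
    "php", "php3", "php4", "php5", "phtml", "phar",
    "jsp", "aspx", "asp", "cgi", "pl",
}

# Stem must be a plain token: no path separators, spaces or control bytes.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def validate_upload(filename: str, content: bytes) -> tuple[bool, str]:
    """Return (accepted, reason); the file is accepted only if every check passes."""
    base = os.path.basename(filename)  # drop any client-supplied directory part
    parts = base.lower().split(".")
    if len(parts) < 2:
        return False, "missing extension"
    stem, *exts = parts
    # "shell.php.jpg" has exts == ["php", "jpg"]; any executable segment fails.
    if any(e in DANGEROUS_EXTENSIONS for e in exts):
        return False, "executable extension"
    # Exactly one extension, and it must be on the allow-list.
    if len(exts) != 1 or exts[0] not in ALLOWED_TYPES:
        return False, "extension not allowed"
    if not SAFE_NAME.match(stem):
        return False, "unsafe file name"
    # Content-based check: bytes must match the claimed type, so a script
    # renamed to .jpg is rejected even though the extension is allowed.
    if not any(content.startswith(magic) for magic in ALLOWED_TYPES[exts[0]]):
        return False, "content does not match extension"
    # Polyglot guard: a valid image header followed by a PHP open tag is
    # still refused, at the cost of rejecting rare benign files with that text.
    if b"<?php" in content or b"<?=" in content:
        return False, "embedded PHP tag"
    return True, "ok"


def stored_name(filename: str) -> str:
    """Server-chosen storage name: random stem plus the validated extension only.

    Call this only after validate_upload() accepted the file, so the client
    never controls the name under which the file is written.
    """
    ext = os.path.basename(filename).lower().rsplit(".", 1)[-1]
    return f"{os.urandom(16).hex()}.{ext}"
```

The extension check alone would already reject `shell.php`; the content check is what catches the renamed-script and polyglot cases, and the server-chosen storage name removes the client's control over the path. Storing accepted files outside the web root, or in a directory where script execution is disabled, is the complementary server-side control.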

Affected Products

Webkul Medical Prescription Attachment Plugin for WooCommerce versions up to and including 1.2.3. The plugin is deployed as a WordPress plugin component extending WooCommerce e-commerce and prescription management functionality. No specific CPE identifier for this WordPress plugin is available in the provided data; affected installations are identified by plugin slug 'medical-prescription-attachment-plugin-for-woocommerce' and active versions <= 1.2.3. Detailed vulnerability information is available via the Patchstack WordPress vulnerability database reference.

Remediation

Update Webkul Medical Prescription Attachment Plugin for WooCommerce to version 1.2.4 or later, which should include fixes for file upload validation. If a patched version is not available, administrators should immediately deactivate and remove the vulnerable plugin, or, where functional requirements permit, apply temporary controls such as Web Application Firewall (WAF) rules that restrict access to the upload endpoint to authenticated users only. Additionally, scan the server's WordPress upload directories (typically wp-content/uploads/) for suspicious files, using file integrity monitoring or security plugins to detect signs of web shell implantation. Consult the Patchstack vulnerability database for updated patch availability and specific version release notes at https://patchstack.com/database/Wordpress/Plugin/medical-prescription-attachment-plugin-for-woocommerce/vulnerability/wordpress-medical-prescription-attachment-plugin-for-woocommerce-1-2-3-arbitrary-file-upload-vulnerability.
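The scan of wp-content/uploads/ recommended above can be done with a short script like the following. It is an added example and not a vuln.today or Webkul tool: it walks an uploads tree and reports files with an executable extension anywhere in the name, server configuration files that do not belong in an uploads directory, and allowed-type files whose bytes contain a PHP open tag. The directory layout, file names and contents in the demo are constructed, and the function names are this example's own.

```python
"""Sweep a WordPress uploads tree for files that should not be there.

Added example, not a vuln.today or Webkul tool. Findings are returned as
(relative path, reason) pairs so they can be fed to a ticket or SIEM rather
than only printed. The demo tree is constructed sample data.
"""
import tempfile
from pathlib import Path

EXECUTABLE_EXTENSIONS = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}
PHP_TAGS = (b"<?php", b"<?=")
# Per-directory server config files can change how a directory is served;
# they have no business inside an uploads tree and are reported on sight.
SUSPICIOUS_NAMES = {".htaccess", ".user.ini"}
HEAD_BYTES = 65536  # 64 KiB is plenty for an open-tag check on a real file


def scan_uploads(root: str) -> list[tuple[str, str]]:
    """Return (relative posix path, finding) for every suspicious file under root."""
    findings = []
    base = Path(root)
    for path in sorted(base.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(base).as_posix()
        # path.suffixes lists every dotted segment, so "img.php.jpg" yields
        # [".php", ".jpg"] and the hidden executable extension is caught.
        suffixes = [s.lower() for s in path.suffixes]
        if any(s in EXECUTABLE_EXTENSIONS for s in suffixes):
            findings.append((rel, "executable extension"))
            continue
        if path.name in SUSPICIOUS_NAMES:
            findings.append((rel, "server config file in uploads"))
            continue
        head = path.read_bytes()[:HEAD_BYTES]
        if any(tag in head for tag in PHP_TAGS):
            findings.append((rel, "PHP tag inside non-PHP file"))
    return findings


def build_demo_tree(root: str) -> None:
    """Write constructed sample files so the scanner can be run offline."""
    month = Path(root) / "2025" / "07"
    month.mkdir(parents=True, exist_ok=True)
    (month / "rx-1.pdf").write_bytes(b"%PDF-1.4\n%constructed benign sample\n")
    (month / "scan.jpg").write_bytes(b"\xff\xd8\xff\xe0<?php echo 1; ?>")   # polyglot
    (month / "cache.php").write_bytes(b"<?php echo 'constructed'; ?>")
    (month / "img.php.jpg").write_bytes(b"\xff\xd8\xff\xe0")                # double extension
    (Path(root) / ".htaccess").write_bytes(b"# constructed sample config\n")


def run_demo() -> dict[str, str]:
    """Build the demo tree in a temp dir, scan it, and return {path: finding}."""
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        return dict(scan_uploads(tmp))


if __name__ == "__main__":
    for rel, reason in sorted(run_demo().items()):
        print(f"{reason:32s} {rel}")
```

Against a live site, run `scan_uploads("/path/to/wp-content/uploads")` and treat each finding as a file to quarantine and review, then compare its modification time with the plugin's install date and the web server's access log for the upload request that created it. A file integrity monitor that baselines the uploads tree gives the same signal continuously rather than on demand.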

Priority Score

0 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.1
CVSS: +0
POC: 0
