Skip to main content

Product Input Fields For Woocommerce

3 CVEs product

Monthly

CVE-2024-13359 HIGH PATCH This Week

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the add_product_input_fields_to_order_item_meta(). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress PHP RCE File Upload Product Input Fields For Woocommerce
NVD
CVSS 3.1
8.1
EPSS
2.7%
CVE-2024-10857 MEDIUM PATCH This Month

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads() function due to insufficient. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress Path Traversal Product Input Fields For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-36696 HIGH POC PATCH This Week

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress Authentication Bypass Product Input Fields For Woocommerce
NVD WPScan VulDB
CVSS 3.1
7.5
EPSS
0.4%
EPSS 3% CVSS 8.1
HIGH PATCH This Week

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the add_product_input_fields_to_order_item_meta(). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress PHP RCE +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads() function due to insufficient. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress Path Traversal Product Input Fields For Woocommerce
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress Authentication Bypass Product Input Fields For Woocommerce
NVD WPScan VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy