Skip to main content

Woocommerce Upload Files

2 CVEs product

Monthly

CVE-2024-10820 CRITICAL Act Now

The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress File Upload Woocommerce Upload Files
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-24171 CRITICAL Act Now

The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP File Upload Path Traversal Woocommerce Upload Files
NVD WPScan
CVSS 3.1
9.8
EPSS
1.9%
EPSS 1% CVSS 9.8
CRITICAL Act Now

The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress File Upload +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP File Upload +2
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy