exploitDog

CVE-2024-10820

Опубликовано: 13 нояб. 2024

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Ссылки

https://codecanyon.net/item/woocommerce-upload-files/11442983
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/b9371b37-53c5-4a4f-a500-c6d58d4d3c5a?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vanquish:woocommerce_upload_files:*:*:*:*:*:wordpress:*:*

Версия до 84.4 (исключая)

EPSS

Процентиль: 95%

0.16669

Средний

9.8 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-q46h-crrj-ggjm

CVSS3: 9.8

github

около 1 года назад

The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

EPSS

Процентиль: 95%

0.16669

Средний

9.8 Critical

CVSS3

Дефекты

CWE-434