Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-13744

Опубликовано: 04 апр. 2025
Источник: nvd
CVSS3: 8.1
CVSS3: 9.8
EPSS Низкий

Описание

The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the validate_product_input_fields_on_add_to_cart function in versions 4.0.1 to 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:*:wordpress:*:*
Версия от 4.0.1 (включая) до 7.2.5 (исключая)

EPSS

Процентиль: 81%
0.0158
Низкий

8.1 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

github логотип

GHSA-gffv-vp66-96qc

CVSS3: 8.1
github
10 месяцев назад

The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the validate_product_input_fields_on_add_to_cart function in versions 4.0.1 to 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

EPSS

Процентиль: 81%
0.0158
Низкий

8.1 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-434