18 matches found
CVE-2025-13930
The Checkout Field Manager Checkout Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 7.8.5. This is due to the plugin not properly verifying that a user is authorized to delete an attachment combined with flawed guest order...
CVE-2025-12500
The Checkout Field Manager Checkout Manager for WooCommerce plugin for WordPress is vulnerable to unauthenticated limited file upload in all versions up to, and including, 7.8.1. This is due to the plugin not properly verifying that a user is authorized to perform file upload actions via the...
CVE-2025-13930 Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.5 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion
The Checkout Field Manager Checkout Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 7.8.5. This is due to the plugin not properly verifying that a user is authorized to delete an attachment combined with flawed guest order...
CVE-2025-13930
The CVE-2025-13930 entry concerns the Checkout Field Manager (Checkout Manager) for WooCommerce plugin on WordPress. Affected versions are up to and including 7.8.5, where an authorization bypass allows unauthenticated attackers to delete attachments associated with guest orders. The root cause c...
CVE-2025-12500
The vulnerability CVE-2025-12500 affects the Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress, with unauthenticated, limited file upload via ajax_checkout_attachment_upload in all versions up to 7.8.1. The root cause is improper authorization verification for upload ...
CVE-2025-12500 Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.1 - Unauthenticated Limited File Upload
The Checkout Field Manager Checkout Manager for WooCommerce plugin for WordPress is vulnerable to unauthenticated limited file upload in all versions up to, and including, 7.8.1. This is due to the plugin not properly verifying that a user is authorized to perform file upload actions via the...
CVE-2025-12500 Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.1 - Unauthenticated Limited File Upload
The Checkout Field Manager Checkout Manager for WooCommerce plugin for WordPress is vulnerable to unauthenticated limited file upload in all versions up to, and including, 7.8.1. This is due to the plugin not properly verifying that a user is authorized to perform file upload actions via the...
WordPress plugin Checkout Field Manager (Checkout Manager) for WooCommerce Code Issue Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
WordPress plugin Checkout Field Manager (Checkout Manager) for WooCommerce Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-20610
Name of the Vulnerable Software and Affected Versions Checkout Manager for WooCommerce versions prior to 7.8.6 Description The Checkout Field Manager Checkout Manager for WooCommerce plugin for WordPress has an authorization issue. The plugin does not properly verify user authorization to delete...
VulnCheck KEV: CVE-2022-4328
The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server...
WordPress WooCommerce Checkout Field Manager Plugin < 18.0 is vulnerable to Arbitrary File Upload
Software WooCommerce Checkout Field Manager Type Plugin Vulnerable versions 18.0 Fixed in 18.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2022-4328 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 8dcb3ac5c4ef Credits cydave Required privilege...
CVE-2022-4328
The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server...
CVE-2022-4328
The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server...
CVE-2022-4328 WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload
The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server...
CVE-2022-4328
The CVE-2022-4328 entry concerns the WordPress plugin WooCommerce Checkout Field Manager (before 18.0). The vulnerability arises from failure to validate uploaded files in the cfom_upload_file action, enabling unauthenticated remote arbitrary file uploads (e.g., PHP) to the server. Impact is desc...
WordPress plugin WooCommerce Checkout Field Manager Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Social Sharing is a social sharing plugin used in it. WordPress plugin is an applicatio...
WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload
The plugin does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server. PoC: 1. Install and activate woocommerce dependency, no setup required 2. Install and activate the vulnerable plugin n-media-woocommerce-checkout-fields...