EUVD-2021-11085

Malware in sbrugna...

CVE-2021-24171

The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked" extension in the "wcuffilename"...

CVE-2024-10820

CVE-2024-10820 : The WooCommerce Upload Files plugin for WordPress (versions ≤ 84.3) is vulnerable to unauthenticated arbitrary file uploads due to missing file type validation in upload_files(). This could allow an attacker to upload arbitrary files to the server and may enable remote code execu...

WordPress plugin WooCommerce Upload Files 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

Path traversal

The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked" extension in the "wcuffilename"...

Automattic WooCommerce 代码问题漏洞

Automattic WooCommerce is an open source e-commerce platform based on WordPress from Automattic, Inc. A security vulnerability exists in WooCommerce Upload Files WordPress plugin before 59.4, which can be exploited by an attacker to upload files to a different location via path traversal...