3 matches found
CVE-2023-6979
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivoleimportuploadcsv AJAX action in all versions up to, and including, 5.38.9. This makes it possible for authenticated attackers, with author-level access...
CVE-2023-6979
CVE-2023-6979 affects the WordPress plugin “Customer Reviews for WooCommerce.” The issue stems from missing file type validation in the ivole_import_upload_csv AJAX action, affecting all versions up to and including 5.38.9. An authenticated attacker with author-level access could upload arbitrary...
WordPress Customer Reviews for WooCommerce Plugin <= 5.38.9 is vulnerable to Arbitrary File Upload
Software Customer Reviews for WooCommerce Type Plugin Vulnerable versions = 5.38.9 Fixed in 5.38.10 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6979 Patch priority Medium CVSS severity Medium 9.8 Developer Claim ownership PSID f2b42bb42f3b Credits Artem Guzhva...