6 matches found
CVE-2024-1205
The Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the nouvellouploadcsvfile function in all versions up to, and including, 1.2.2. This...
$657 Bounty Awarded for Arbitrary File Upload Patched in WEmanage App Worker WordPress Plugin
On February 1st, 2024, during our Bug Bounty Extravaganza, we received a submission for an Arbitrary File Upload vulnerability in Management App for WooCommerce, a WordPress plugin with 1,000+ active installations. This vulnerability makes it possible for authenticated users such as subscribers a...
WordPress Management App for WooCommerce Plugin <= 1.2.2 is vulnerable to Arbitrary File Upload
Software Management App for WooCommerce Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-1205 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 4f48ec18525e Credits Lucio Sá Required privile...
CVE-2024-1205
The Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the nouvellouploadcsvfile function in all versions up to, and including, 1.2.0. This...
CVE-2024-1205
The CVE-2024-1205 entry describes an Arbitrary File Upload vulnerability in the WordPress plugin Management App for WooCommerce (WEmanage App Worker). All versions up to and including 1.2.0 are affected. An authenticated user (Subscriber+) can call the CSV upload API without proper file-type vali...
CVE-2024-1205 Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring <= 1.2.2 - Authenticated (Subscriber+) Arbitrary File Upload
The Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the nouvellouploadcsvfile function in all versions up to, and including, 1.2.2. This...