Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 5:15 a.m.8 views

CVE-2024-1205

The Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the nouvellouploadcsvfile function in all versions up to, and including, 1.2.2. This...

8.8CVSS7.9AI score0.01283EPSS
Exploits0References1
Wordfence Blog
Wordfence Blog
added 2024/04/05 3:2 p.m.31 views

$657 Bounty Awarded for Arbitrary File Upload Patched in WEmanage App Worker WordPress Plugin

On February 1st, 2024, during our Bug Bounty Extravaganza, we received a submission for an Arbitrary File Upload vulnerability in Management App for WooCommerce, a WordPress plugin with 1,000+ active installations. This vulnerability makes it possible for authenticated users such as subscribers a...

6.5CVSS9.2AI score0.01283EPSS
Exploits0
Patchstack
Patchstack
added 2024/03/21 12:0 a.m.10 views

WordPress Management App for WooCommerce Plugin <= 1.2.2 is vulnerable to Arbitrary File Upload

Software Management App for WooCommerce Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-1205 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 4f48ec18525e Credits Lucio Sá Required privile...

8.8CVSS7.2AI score0.01283EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/03/20 7:15 a.m.6 views

CVE-2024-1205

The Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the nouvellouploadcsvfile function in all versions up to, and including, 1.2.0. This...

8.8CVSS6.5AI score0.01283EPSS
Exploits0References3
CVE
CVE
added 2024/03/20 6:48 a.m.91 views

CVE-2024-1205

The CVE-2024-1205 entry describes an Arbitrary File Upload vulnerability in the WordPress plugin Management App for WooCommerce (WEmanage App Worker). All versions up to and including 1.2.0 are affected. An authenticated user (Subscriber+) can call the CSV upload API without proper file-type vali...

8.8CVSS7.9AI score0.01283EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2024/03/20 6:48 a.m.23 views

CVE-2024-1205 Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring <= 1.2.2 - Authenticated (Subscriber+) Arbitrary File Upload

The Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the nouvellouploadcsvfile function in all versions up to, and including, 1.2.2. This...

8.8CVSS9.1AI score0.01283EPSS
Exploits0References5
Rows per page
Query Builder