6 matches found
CVE-2024-13355
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to limited file uploads due to insufficient file type validation in the uploadfile function in all versions up to, and including, 13.2. This makes it possible for authenticated attackers, wi...
CVE-2024-13355
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to limited file uploads due to insufficient file type validation in the uploadfile function in all versions up to, and including, 13.2. This makes it possible for authenticated attackers, wi...
CVE-2024-13355
creationtimestamp| type| source ---|---|--- 2025-01-16 09:55:33+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/1931 2025-01-16 09:59:30+00:00| seen| https://infosec.exchange/users/cve/statuses/113837445634562209 2025-01-16 10:15:53+00:00| seen|...
CVE-2024-13355 Admin and Customer Messages After Order for WooCommerce <= 13.2 - Authenticated (Subscriber+) Limited File Upload to Cross-Site Scripting
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to limited file uploads due to insufficient file type validation in the uploadfile function in all versions up to, and including, 13.2. This makes it possible for authenticated attackers, wi...
CVE-2024-13355 Admin and Customer Messages After Order for WooCommerce <= 13.2 - Authenticated (Subscriber+) Limited File Upload to Cross-Site Scripting
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to limited file uploads due to insufficient file type validation in the uploadfile function in all versions up to, and including, 13.2. This makes it possible for authenticated attackers, wi...
CVE-2024-13355
CVE-2024-13355 affects the WordPress plugin Admin and Customer Messages After Order for WooCommerce: OrderConvo. The vulnerability arises from insufficient file-type validation in the upload_file() function, affecting all versions up to and including 13.2. It enables authenticated attackers with ...