Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2025/03/10 9:31 a.m.15 views

CVE-2024-13359

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the addproductinputfieldstoorderitemmeta function in all versions up to, and including, 1.12.0. This may make it possible for unauthenticated attackers...

9.8CVSS9.3AI score0.0084EPSS
Exploits0References1
nvd
nvd
added 2025/03/08 10:15 a.m.12 views

CVE-2024-13359

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the addproductinputfieldstoorderitemmeta function in all versions up to, and including, 1.12.0. This may make it possible for unauthenticated attackers...

9.8CVSS0.0084EPSS
Exploits0References4
cve
cve
added 2025/03/08 9:22 a.m.49 views

CVE-2024-13359

CVE-2024-13359 affects Product Input Fields for WooCommerce (WordPress). All versions up to and including 1.12.0 are vulnerable to unauthenticated arbitrary file uploads due to insufficient file-type validation in add_product_input_fields_to_order_item_meta(). By default only double-extension upl...

9.8CVSS8.9AI score0.0084EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2025/03/08 9:22 a.m.20 views

CVE-2024-13359 Product Input Fields for WooCommerce <= 1.12.0 - Unauthenticated Limited File Upload

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the addproductinputfieldstoorderitemmeta function in all versions up to, and including, 1.12.0. This may make it possible for unauthenticated attackers...

8.1CVSS0.0084EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2025/03/08 9:22 a.m.8 views

CVE-2024-13359 Product Input Fields for WooCommerce <= 1.12.0 - Unauthenticated Limited File Upload

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the addproductinputfieldstoorderitemmeta function in all versions up to, and including, 1.12.0. This may make it possible for unauthenticated attackers...

8.1CVSS9.4AI score0.0084EPSS
Exploits0References4
Rows per page
Query Builder