3 matches found
CVE-2024-22152
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7...
CVE-2024-22152
CVE-2024-22152 relates to the WordPress plugin Product Import Export for WooCommerce by WebToffee, vulnerable up to version 2.3.7 due to an unrestricted upload of dangerous file types via the upload_import_file path. The root cause is missing validation on uploaded files, enabling an authenticate...
WordPress Product Import Export for WooCommerce Plugin <= 2.3.7 is vulnerable to Arbitrary File Upload
Software Product Import Export for WooCommerce Type Plugin Vulnerable versions = 2.3.7 Fixed in 2.3.8 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-22152 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID 7b62ca7055ba Credits Dateoljo of BoB...