4 matches found
CVE-2024-8425
The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwbwgmpreviewmail' and 'mwbwgmwoocommerceaddcartitemdata' functions in all versions up to, and including, 2.9.2. This makes it possible for...
CVE-2024-8425 WooCommerce Ultimate Gift Card <= 2.9.2 - Unauthenticated Arbitrary File Upload
The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwbwgmpreviewmail' and 'mwbwgmwoocommerceaddcartitemdata' functions in all versions up to, and including, 2.9.2. This makes it possible for...
CVE-2024-8425
The CVE-2024-8425 entry concerns the WordPress WooCommerce Ultimate Gift Card plugin (versions up to 2.6.0). The root cause is insufficient file type validation in mwb_wgm_preview_mail and mwb_wgm_woocommerce_add_cart_item_data, allowing unauthenticated arbitrary file uploads to the server and po...
VulnCheck KEV: CVE-2024-8425
The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwbwgmpreviewmail' and 'mwbwgmwoocommerceaddcartitemdata' functions in all versions up to, and including, 2.9.2. This makes it possible for...