Lucene search
K

4 matches found

Patchstack
Patchstack
added 2025/04/16 5:5 p.m.4 views

WordPress Drag and Drop Multiple File Upload for WooCommerce plugin <= 1.1.4 - Unauthenticated Arbitrary File Move vulnerability

Unauthenticated Arbitrary File Move vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Drag and Drop Multiple File Upload for WooCommerce versions = 1.1.4...

9.8CVSS9AI score0.01591EPSS
Exploits0References1Affected Software1
Circl
Circl
added 2025/04/05 7:36 a.m.16 views

CVE-2025-2941

creationtimestamp| type| source ---|---|--- 2025-04-05 07:36:58+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/10598 2025-04-05 08:07:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lm2hyuntn72u 2025-04-05 08:40:14+00:00| seen|...

9.8CVSS8.7AI score0.01591EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/04/05 7:1 a.m.5 views

CVE-2025-2941 Drag and Drop Multiple File Upload for WooCommerce <= 1.1.4 - Unauthenticated Arbitrary File Move

The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the wc-upload-file parameter in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to move...

9.8CVSS8AI score0.01591EPSS
Exploits0References3
CVE
CVE
added 2025/04/05 7:1 a.m.87 views

CVE-2025-2941

CVE-2025-2941 affects the WordPress plugin “Drag and Drop Multiple File Upload for WooCommerce.” The issue is arbitrary file movement caused by insufficient validation of the wc-upload-file[] parameter in all versions up to 1.1.4, allowing unauthenticated actors to move files on the server (e.g.,...

9.8CVSS9.8AI score0.01591EPSS
Exploits0References3
Rows per page
Query Builder