4 matches found
WordPress Drag and Drop Multiple File Upload for WooCommerce plugin <= 1.1.4 - Unauthenticated Arbitrary File Move vulnerability
Unauthenticated Arbitrary File Move vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Drag and Drop Multiple File Upload for WooCommerce versions = 1.1.4...
CVE-2025-2941
creationtimestamp| type| source ---|---|--- 2025-04-05 07:36:58+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/10598 2025-04-05 08:07:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lm2hyuntn72u 2025-04-05 08:40:14+00:00| seen|...
CVE-2025-2941 Drag and Drop Multiple File Upload for WooCommerce <= 1.1.4 - Unauthenticated Arbitrary File Move
The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the wc-upload-file parameter in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to move...
CVE-2025-2941
CVE-2025-2941 affects the WordPress plugin “Drag and Drop Multiple File Upload for WooCommerce.” The issue is arbitrary file movement caused by insufficient validation of the wc-upload-file[] parameter in all versions up to 1.1.4, allowing unauthenticated actors to move files on the server (e.g.,...