3 matches found
CVE-2025-4387 Abandoned Cart Pro for WooCommerce <= 9.16.0 - Authenticated (Subscriber+) Arbitrary File Upload
The Abandoned Cart Pro for WooCommerce plugin contains an authenticated arbitrary file upload vulnerability due to missing file type validation in the wcapaddtocartpopupuploadfiles function in all versions up to, and including, 9.16.0. This makes it possible for an authenticated attacker, with...
CVE-2025-4387
CVE-2025-4387 concerns the WordPress plugin Abandoned Cart Pro for WooCommerce, where versions up to and including 9.16.0 contain an authenticated arbitrary file upload vulnerability due to missing file type validation in the wcap_add_to_cart_popup_upload_files function. An attacker with subscrib...
WordPress Abandoned Cart Pro for WooCommerce plugin <= 9.16.0 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Phil Wylie mustardbees in WordPress Plugin Abandoned Cart Pro for WooCommerce versions = 9.16.0...