4 matches found
WordPress Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin <= 1.7.1,5.0-5.0.5 - Unauthenticated Arbitrary File Upload vulnerability
WordPress Drag and Drop Multiple File Upload Pro - WooCommerce plugin = 1.7.1,5.0-5.0.5 - Unauthenticated Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin Drag and Drop Multiple File Upload Pro - WooCommerce versions = 1.7.1,5.0-5.0.5...
CVE-2025-5746
creationtimestamp| type| source ---|---|--- 2025-07-02 09:43:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lsxwgiyagv2r...
CVE-2025-5746
The Drag and Drop Multiple File Upload Pro - WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the dnduploadcf7uploadchunks function in version 5.0 - 5.0.5 when bundled with the PrintSpace theme and all versions up to, and including,...
CVE-2025-5746
The CVE-2025-5746 entry describes an unauthenticated arbitrary file upload flaw in the Drag and Drop Multiple File Upload (Pro) – WooCommerce, affecting both the Pro plugin (versions 5.0–5.0.5 bundled with PrintSpace) and the standalone version up to 1.7.1. The root cause is missing file-type val...