4 matches found
CVE-2024-3962
The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppomuploadfile function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary files...
CVE-2024-3962
The CVE CVE-2024-3962 affects Product Addons & Fields for WooCommerce (PPOM) on WordPress. It is caused by missing file type validation in the ppom_upload_file function, allowing unauthenticated arbitrary file uploads on all versions up to and including 32.0.18. Exploitation requires PPOM Pro ins...
EUVD-2024-32528
The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppomuploadfile function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary files...
CVE-2024-3962 Product Addons & Fields for WooCommerce <= 32.0.18 - Unauthenticated Arbitrary File Upload via ppom_upload_file
The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppomuploadfile function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary files...