CVE-2024-7257
CVE-2024-7257 affects YayExtra – WooCommerce Extra Product Options (WordPress plugin) versions up to 1.3.7, with unauthenticated arbitrary file uploads via handle_upload_file. This user‑level vulnerability could enable remote code execution on affected sites. A patch is available in version 1.3.8...