Vulnerabilities and security researches fordrag-and-drop-multiple-file-upload-for-woocommerce drag-and-drop-multiple-file-upload-for-woocommerce

Jun 07, 2024

CVE, Research URL: CVE-2023-4821
Home page URL: Security reports for Drag and Drop Multiple File Upload for WooCommerce
Application: Drag and Drop Multiple File Upload for WooCommerce
Date: Oct 17, 2023
Research Description: The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-45377
Home page URL: Security reports for Drag and Drop Multiple File Upload for WooCommerce
Application: Drag and Drop Multiple File Upload for WooCommerce
Date: Dec 21, 2023
Research Description: Unrestricted Upload of File with Dangerous Type vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload for WooCommerce.This issue affects Drag and Drop Multiple File Upload for WooCommerce: from n/a through 1.0.8.
Affected versions: Min -, max -.
Status: vulnerable

Apr 05, 2025

CVE, Research URL: CVE-2025-2941
Home page URL: Security reports for Drag and Drop Multiple File Upload for WooCommerce
Application: Drag and Drop Multiple File Upload for WooCommerce
Date: Apr 05, 2025
Research Description: The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the wc-upload-file[] parameter in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php).
Affected versions: Min -, max -.
Status: vulnerable