Vulnerabilities and security researches foreasy-upload-files-during-checkout easy-upload-files-during-checkout

Nov 11, 2025

CVE, Research URL: CVE-2025-12682
Home page URL: Security reports for Easy Upload Files During Checkout
Application: Easy Upload Files During Checkout
Date: Nov 04, 2025
Research Description: The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'file_during_checkout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload arbitrary JavaScript files on the affected site's server which may make remote code execution possible.
Affected versions: max 2.9.9.
Status: vulnerable

Jan 11, 2026

CVE, Research URL: CVE-2025-62078
Home page URL: Security reports for Easy Upload Files During Checkout
Application: Easy Upload Files During Checkout
Date: Dec 31, 2025
Research Description: Missing Authorization vulnerability in Fahad Mahmood Easy Upload Files During Checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Upload Files During Checkout: from n/a through 3.0.0.
Affected versions: max 3.0.0.
Status: vulnerable