Vulnerabilities and security researches forni-purchase-orderpo-for-woocommerce ni-purchase-orderpo-for-woocommerce

Jun 06, 2024

CVE, Research URL: CVE-2023-5957
Home page URL: Security reports for Ni Purchase Order(PO) For WooCommerce
Application: Ni Purchase Order(PO) For WooCommerce
Date: Jan 09, 2024
Research Description: The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell.
Affected versions: Min -, max -.
Status: vulnerable