cleantalk
Vulnerabilities and Security Researches

Easy Upload Files During Checkout, CVE-2025-12682

CVE, Research URL

CVE-2025-12682

Home page URL

Security reports for Easy Upload Files During Checkout

Application

Easy Upload Files During Checkout

Published on
Nov 04, 2025
Research Description
The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'file_during_checkout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload arbitrary JavaScript files on the affected site's server which may make remote code execution possible.
Affected versions
max 2.9.9.
Status
vulnerable
Previous vulnerability researches
Centangle-Team (CVE-2025-12456) , Nov 11, 2025
New vulnerability
Raychat (CVE-2025-62975) , Nov 11, 2025
LearnPress – WordPress LMS Plugin (CVE-2025-11372) , Nov 11, 2025
Slide Puzzle (CVE-2025-52751) , Nov 11, 2025
Post List Featured Image (CVE-2025-62937) , Nov 11, 2025
NikanWP WooCommerce Reporting (CVE-2025-62957) , Nov 11, 2025