cleantalk
Vulnerabilities and Security Researches

Drag and Drop Multiple File Upload for WooCommerce, CVE-2023-4821

CVE, Research URL

CVE-2023-4821

Home page URL

Security reports for Drag and Drop Multiple File Upload for WooCommerce

Application

Drag and Drop Multiple File Upload for WooCommerce

Published on
Oct 17, 2023
Research Description
The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts.
Affected versions
Min -, max 1.1.1.
Status
vulnerable
Previous vulnerability researches
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-2941) , Apr 05, 2025
Drag and Drop Multiple File Upload for WooCommerce (CVE-2023-4821) , Jun 07, 2024
Drag and Drop Multiple File Upload for WooCommerce (CVE-2022-45377) , Jun 07, 2024
New vulnerability
SEO, Nutrition and Print for Recipes by Edamam (CVE-2025-32555) , Apr 11, 2025
MultiMailer (CVE-2025-32505) , Apr 11, 2025
Script Compressor (CVE-2025-31391) , Apr 11, 2025
Local google fonts, host google fonts locally by Easyfonts (CVE-2025-31005) , Apr 11, 2025
Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! (CVE-2025-3439) , Apr 11, 2025