cleantalk
Vulnerabilities and Security Researches

Drag and Drop Multiple File Upload for WooCommerce, CVE-2023-4821

CVE, Research URL

CVE-2023-4821

Home page URL

Security reports for Drag and Drop Multiple File Upload for WooCommerce

Application

Drag and Drop Multiple File Upload for WooCommerce

Published on
Oct 17, 2023
Research Description
The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts.
Affected versions
Min -, max 1.1.1.
Status
vulnerable
Previous vulnerability researches
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-4403) , May 11, 2025
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-2941) , Apr 05, 2025
Drag and Drop Multiple File Upload for WooCommerce (CVE-2023-4821) , Jun 07, 2024
Drag and Drop Multiple File Upload for WooCommerce (CVE-2022-45377) , Jun 07, 2024
New vulnerability
SMS Alert Order Notifications – WooCommerce (CVE-2025-3876) , May 11, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-3878) , May 11, 2025
WordPress Review Plugin: The Ultimate Solution for Building a Review Website (CVE-2025-2158) , May 11, 2025
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-4403) , May 11, 2025
Contact Us By Lord Linus (CVE-2025-1382) , May 11, 2025