cleantalk
Vulnerabilities and Security Researches

Ni Purchase Order(PO) For WooCommerce, CVE-2023-5957

CVE, Research URL

CVE-2023-5957

Home page URL

Security reports for Ni Purchase Order(PO) For WooCommerce

Application

Ni Purchase Order(PO) For WooCommerce

Published on
Jan 09, 2024
Research Description
The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell.
Affected versions
Min -, max 1.2.2.
Status
vulnerable
Previous vulnerability researches
LetterPress – Elevate Your WordPress Site's E-Mail Campaigns and Marketing (CVE-2024-3590) , Jun 07, 2024
LetterPress – Elevate Your WordPress Site's E-Mail Campaigns and Marketing (CVE-2023-27415) , Jun 07, 2024
LetterPress – Elevate Your WordPress Site's E-Mail Campaigns and Marketing (CVE-2024-34568) , Jun 07, 2024
Ni Purchase Order(PO) For WooCommerce (CVE-2023-5957) , Jun 06, 2024
User registration & user profile – UserPlus (CVE-2023-0824) , Jun 07, 2024
New vulnerability
CF7 Spreadsheets (CVE-2025-31536) , Apr 05, 2025
Awesome Logos (CVE-2025-31899) , Apr 05, 2025
Flickr Photostream (CVE-2025-31467) , Apr 05, 2025
CM Header & Footer Script Loader – Insert Script Plugin (CVE-2025-31091) , Apr 05, 2025
Minimalistic Event Manager (CVE-2025-31739) , Apr 05, 2025