cleantalk
Vulnerabilities and Security Researches

Order Attachments for WooCommerce, CVE-2024-13638

CVE, Research URL

CVE-2024-13638

Home page URL

Security reports for Order Attachments for WooCommerce

Application

Order Attachments for WooCommerce

Published on
Feb 28, 2025
Research Description
The Order Attachments for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.1 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which can contain file attachments added to orders.
Affected versions
Min -, max 2.5.1.
Status
vulnerable
Previous vulnerability researches
Order Attachments for WooCommerce (CVE-2024-9756) , Oct 13, 2024
Order Attachments for WooCommerce (CVE-2024-13638) , Mar 01, 2025
New vulnerability
SMS Alert Order Notifications – WooCommerce (CVE-2025-3876) , May 11, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-3878) , May 11, 2025
WordPress Review Plugin: The Ultimate Solution for Building a Review Website (CVE-2025-2158) , May 11, 2025
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-4403) , May 11, 2025
Contact Us By Lord Linus (CVE-2025-1382) , May 11, 2025