cleantalk
Vulnerabilities and Security Researches

Product Input Fields for WooCommerce, CVE-2024-10857

CVE, Research URL

CVE-2024-10857

Home page URL

Security reports for Product Input Fields for WooCommerce

Application

Product Input Fields for WooCommerce

Published on
Nov 26, 2024
Research Description
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads() function due to insufficient file path validation/sanitization. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Affected versions
max 2.0.
Status
vulnerable
Previous vulnerability researches
Product Input Fields for WooCommerce (CVE-2024-13359) , Mar 09, 2025
Product Input Fields for WooCommerce (CVE-2024-10857) , Nov 26, 2024
Product Input Fields for WooCommerce (CVE-2024-31431) , Jun 06, 2024
Product Input Fields for WooCommerce (6d407a98979a822c8bdfca6cab2c8ca04b1b4712) , Jun 06, 2024
Product Input Fields for WooCommerce (CVE-2020-36696) , Jun 06, 2024
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026