cleantalk
Vulnerabilities and Security Researches

WooCommerce, CVE-2022-50972

CVE, Research URL

CVE-2022-50972

Home page URL

Security reports for WooCommerce

Application

WooCommerce

Published on
Jun 20, 2026
Research Description
WooCommerce 7.1.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary PHP code by injecting shell commands through the product-type parameter. Attackers can send requests to the class-wc-meta-box-product-images.php endpoint with unsanitized product-type values to write malicious PHP files to the web root.
Affected versions
max 7.1.0.
Status
vulnerable
Previous vulnerability researches
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2026-56023) , Jun 23, 2026
New vulnerability
Stylish Cost Calculator – Quote Generator, Lead Gen & Price Estimator (CVE-2026-54847) , Jun 23, 2026
Backup and Staging by WP Time Capsule (CVE-2020-37255) , Jun 23, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2026-56023) , Jun 23, 2026
WooCommerce (CVE-2022-50972) , Jun 22, 2026
Simple File List (CVE-2026-11911) , Jun 21, 2026