cleantalk
Vulnerabilities and Security Researches

Easy Upload Files During Checkout, CVE-2025-12682

CVE, Research URL

CVE-2025-12682

Home page URL

Security reports for Easy Upload Files During Checkout

Application

Easy Upload Files During Checkout

Published on
Nov 04, 2025
Research Description
The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'file_during_checkout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload arbitrary JavaScript files on the affected site's server which may make remote code execution possible.
Affected versions
max 2.9.9.
Status
vulnerable
Previous vulnerability researches
Simple Registration for WooCommerce (CVE-2024-32511) , Jun 07, 2024
Simple Registration for WooCommerce (CVE-2025-12095) , Nov 11, 2025
New vulnerability
Backup Bolt (CVE-2023-53597) , Nov 11, 2025
Backup Bolt (CVE-2025-10306) , Nov 11, 2025
Date counter (CVE-2025-62948) , Nov 11, 2025
WPComplete (CVE-2025-49906) , Nov 11, 2025
WP Google Map Plugin (CVE-2025-11365) , Nov 11, 2025