cleantalk
Vulnerabilities and Security Researches

YayExtra – WooCommerce Extra Product Options, CVE-2024-7257

CVE, Research URL

CVE-2024-7257

Home page URL

Security reports for YayExtra – WooCommerce Extra Product Options

Application

YayExtra – WooCommerce Extra Product Options

Published on
Aug 03, 2024
Research Description
The YayExtra – WooCommerce Extra Product Options plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_upload_file function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
max 1.3.8.
Status
vulnerable
Previous vulnerability researches
YayExtra – WooCommerce Extra Product Options (CVE-2025-31415) , Apr 03, 2025
YayExtra – WooCommerce Extra Product Options (CVE-2024-7257) , Aug 04, 2024
YayExtra – WooCommerce Extra Product Options (CVE-2025-48299) , Jul 18, 2025
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026