The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/3ac0853b-03f7-44b9-aa9b-72df3e01a9b5 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-10-16T19:39:23.618Z
Updated: 2023-10-16T19:39:23.618Z
Reserved: 2023-09-07T15:03:27.376Z
Link: CVE-2023-4821
JSON object: View
NVD Information
Status : Modified
Published: 2023-10-16T20:15:16.990
Modified: 2023-11-07T04:23:00.477
Link: CVE-2023-4821
JSON object: View
Redhat Information
No data.
CWE
No CWE.