Unfiltered File Extensions in Drag and Drop Multiple File Upload Plugin for WooCommerce WordPress

Unfiltered File Extensions in Drag and Drop Multiple File Upload Plugin for WooCommerce WordPress

CVE-2023-4821 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts.

Learn more about our Wordpress Pen Testing.