Arbitrary File Upload Vulnerability in WooCommerce Ninja Forms Product Add-ons WordPress Plugin

Arbitrary File Upload Vulnerability in WooCommerce Ninja Forms Product Add-ons WordPress Plugin

CVE-2023-5601 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE.

Learn more about our Wordpress Pen Testing.