9.8
CVE-2024-13744
- EPSS 1.58%
- Published 04.04.2025 04:21:22
- Last modified 09.04.2025 18:09:50
- Source security@wordfence.com
Booster for WooCommerce 4.0.1 - 7.2.4 - Unauthenticated Arbitrary File Upload
The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the validate_product_input_fields_on_add_to_cart function in versions 4.0.1 to 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Possible mitigation
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools: Update to version 7.2.5, or a newer patched version
Further vulnerability information
- System: WordPress Plugin
- Product: Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools
- Version: 4.0.1-7.2.4

Data provided by the National Vulnerability Database (NVD)
Booster ≫ Booster For Woocommerce, SwPlatform: wordpress, Version >= 4.0.1 < 7.2.5
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.58% | 0.812 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| security@wordfence.com | 8.1 | 2.2 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.