Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8
CVE-2024-10820
- EPSS 9.07%
- Veröffentlicht 13.11.2024 04:15:04
- Zuletzt bearbeitet 19.11.2024 17:38:16
The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3. This makes it possible for unauthenticated attack...
9.8
CVE-2021-24171
- EPSS 0.92%
- Veröffentlicht 05.04.2021 19:15:15
- Zuletzt bearbeitet 25.11.2024 18:14:49
The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within anothe...
1