WooCommerce Plugin Vulnerable to Arbitrary File Uploads
CVE-2024-1205
Key Information:
- Vendor: WordPress
- CVE Published: 20 March 2024
What is CVE-2024-1205?
The Management App for WooCommerce, a WordPress plugin that provides order notifications, order management, lead management, and uptime monitoring, permits arbitrary file uploads because of inadequate file type validation in the nouvello_upload_csv_file function. The flaw affects all versions of the plugin up to and including 1.2.0. Authenticated attackers with subscriber-level access or higher can exploit it to upload arbitrary files to the server hosting the affected site, which could lead to remote code execution and poses a significant risk to the integrity and security of the website. Administrators are urged to review their plugin versions and implement any available security patches.
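
The controls whose absence produces this class of flaw, shown as an added example that is neither the plugin's code nor its patch. The function name, AJAX action, nonce name, form field name and the choice of the manage_woocommerce capability are assumptions made for illustration.

```php
<?php
// Added illustration with hypothetical names; not code from the affected plugin.
// A CSV upload endpoint for WordPress with a nonce check, a capability check
// and an extension/MIME allowlist enforced before anything is stored.

// Only the authenticated hook is registered; there is no wp_ajax_nopriv_ variant.
add_action( 'wp_ajax_example_upload_csv', 'example_upload_csv_file' );

function example_upload_csv_file() {
    // 1. CSRF: terminate the request unless it carries a valid nonce.
    check_ajax_referer( 'example_upload_csv', 'nonce' );

    // 2. Authorization: a logged-in session is not enough. Subscribers can
    //    call admin-ajax.php, so require a capability they do not hold
    //    (assumed here: WooCommerce's manage_woocommerce).
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_send_json_error( 'Forbidden', 403 );
    }

    if ( empty( $_FILES['csv'] ) || UPLOAD_ERR_OK !== $_FILES['csv']['error'] ) {
        wp_send_json_error( 'No file uploaded', 400 );
    }
    $file = $_FILES['csv'];

    // 3. File type: allowlist a single extension/MIME pair. The check uses the
    //    file name and the file content, never the client-sent Content-Type.
    $allowed = array( 'csv' => 'text/csv' );
    $check   = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( 'csv' !== $check['ext'] ) {
        wp_send_json_error( 'Only .csv files are accepted', 415 );
    }

    // 4. Storage: wp_handle_upload() applies the same allowlist again,
    //    sanitizes the file name and picks a non-colliding destination name.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload( $file, array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }

    // Return only the stored base name, not the server path.
    wp_send_json_success( array( 'file' => basename( $result['file'] ) ) );
}
```

Configuring the web server so that scripts under the uploads directory are not executed limits the impact if a type check is ever bypassed.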

Affected Version(s)
Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring * <= 1.2.0