Unrestricted Upload of File with Dangerous Type vulnerability
CVE-2024-30231

7.2HIGH

Key Information:

Vendor: WordPress
Status: Product Import Export For WooCommerce
Vendor: CVE Published:; 26 March 2024

Summary

A vulnerability exists in WebToffee's Product Import Export for WooCommerce, allowing for unrestricted uploads of files with dangerous types. This flaw can enable attackers to upload malicious files, potentially compromising the security of the WordPress environment. Users of affected versions, especially those prior to 2.4.1, are advised to take immediate action to mitigate risks associated with this vulnerability.

Affected Version(s)

Product Import Export for WooCommerce <= 2.4.1

References

https://patchstack.com/database/vulnerability/product-imp...

vdb-entry

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 26, 2024
Vulnerability Reserved
Mar 26, 2024

Credit

stealthcopter (Patchstack Alliance)