WordPress Import Export For WooCommerce plugin <= 1.5 - Arbitrary File Upload vulnerability

CVE-2024-54262

9.9CRITICAL

Key Information

Vendor: Siddharth Nagar
Status: Import Export For WooCommerce
Vendor: CVE Published:; 13 December 2024

Badges

👾 Exploit Exists🔴 Public PoC

Summary

Unrestricted Upload of File with Dangerous Type vulnerability in Siddharth Nagar Import Export For WooCommerce allows Upload a Web Shell to a Web Server.This issue affects Import Export For WooCommerce: from n/a through 1.5.

Affected Version(s)

Import Export For WooCommerce <= 1.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-54262
Created by RandomRobbieBF

Refferences

https://patchstack.com/database/wordpress/plugin/import-e...

vdb-entry

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

🔴
Public PoC available
Dec 19, 2024
👾
Exploit known to exist
Dec 19, 2024
Vulnerability published
Dec 13, 2024
Vulnerability Reserved
Dec 2, 2024

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)

Credit

Joshua Chan (Patchstack Alliance)