Arbitrary File Upload Vulnerability in Addify Custom User Registration Fields for WooCommerce
CVE-2025-60207

10 CRITICAL

What is CVE-2025-60207?

The Addify Custom User Registration Fields for WooCommerce plugin contains an arbitrary file upload vulnerability that allows unauthorized users to upload files of potentially dangerous types. This can result in the upload of a web shell, compromising the integrity of the web server. Versions up to 2.1.2 are affected, so users of this plugin should apply updates and security measures to mitigate the risk of exploitation.

Affected Version(s)

Custom User Registration Fields for WooCommerce <= n/a

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

0xd4rk5id3 | Patchstack Bug Bounty Program