CVE-2023-4821

Drag and Drop Multiple File Upload < 1.1.1 - Unauthenticated Stored Cross-Site Scripting

CVSS 5.4 MEDIUMEPSS 0.4%

The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Produtos afetados

Unknown · Drag and Drop Multiple File Upload for WooCommerce

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://wpscan.com/vulnerability/3ac0853b-03f7-44b9-aa9b-72df3e01a9b5