CVE-2024-13744

High CVSS: 8.1

The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the validate_product_input_fields_on_add_to_cart function in versions 4.0.1 to 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Vendor

Booster

Product

Booster For Woocommerce

CWE

CWE-434

Yayın Tarihi

2025-04-04 05:15:44

Güncelleme

2025-04-09 18:09:50

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-434 Booster For Woocommerce HIGH Booster 2025

Referanslar

https://plugins.trac.wordpress.org/changeset/3262569/woocommerce-jetpack/trunk/includes/input-fields/class-wcj-product-input-fields-core.php https://www.wordfence.com/threat-intel/vulnerabilities/id/f8e1aca8-3d82-4b1a-98c8-29501a377846?source=cve

Benzer Kayıtlar

Medium

CVE-2025-64380

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster f…

Medium

CVE-2025-64379

Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectl…

High

CVE-2025-64196

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster f…

High

CVE-2024-13342

The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type valida…

High

CVE-2025-39446

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Boost…

High

CVE-2024-13708

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in ve…