Filtered by vendor Directsoftware
Subscriptions
Filtered by product Order Attachments For Woocommerce
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9756 | 1 Directsoftware | 1 Order Attachments For Woocommerce | 2024-11-25 | 4.3 Medium |
| The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoa_add_attachment AJAX action in versions 2.0 to 2.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload limited file types. | ||||
Page 1 of 1.