CVE-2025-4403 – WooCommerce Drag and Drop Multiple File Upload Arbitrary File Upload Vulnerability

May 9, 2025

CVE ID : CVE-2025-4403

Published : May 9, 2025, 9:15 a.m. | 2 hours, 52 minutes ago

Description : The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.1.6 due to accepting a user‐supplied supported_type string and the uploaded filename without enforcing real extension or MIME checks within the upload() function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3949 – SeedProd Theme Builder Landing Page Builder Unauthorized Data Access Vulnerability

Next Article CVE-2025-4471 – Apache Code-projects Jewelery Store Management System Stack Buffer Overflow Vulnerability

Coded Smorgasbord: High Strung

Chainguard launches trusted collection of verified JavaScript libraries

CData launches Connect AI to provide agents access to enterprise data sources

PostgreSQL 18 adds asynchronous I/O to improve performance

Distribution Release: Neptune 9.0

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

PHP 8.5.0 RC 1 available for testing

PHP 8.5.0 RC 1 available for testing

Terraform Code Generator Using Ollama and CodeGemma

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Distribution Release: Neptune 9.0

Distribution Release: Neptune 9.0

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

CVE-2025-4403 – WooCommerce Drag and Drop Multiple File Upload Arbitrary File Upload Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-5732 – Traffic Offense Reporting System Cross-Site Request Forgery Vulnerability

Welcome to Manga Office

Zoom goes down across the globe – what we know about the outage so far

CVE-2025-4766 – PHPGurukul Zoo Management System SQL Injection Vulnerability

The AI Fix #52: AI adopts its own social norms, and AI DJ creates diversity scandal

Beyond the benchmarks: Understanding the coding personalities of different LLMs

CVE-2025-5472 – Llama Index JSONReader Stack Overflow Denial of Service Vulnerability

Rilasciato LXD 6.5: Novità e Miglioramenti nel Gestore di Contenitori e Macchine Virtuali di Canonical

CVE-2025-4403 – WooCommerce Drag and Drop Multiple File Upload Arbitrary File Upload Vulnerability

Related Posts