CVE-2025-4387 – Abandoned Cart Pro for WooCommerce Authenticated Arbitrary File Upload Vulnerability

June 10, 2025

CVE ID : CVE-2025-4387

Published : June 10, 2025, 4:15 a.m. | 29 minutes ago

Description : The Abandoned Cart Pro for WooCommerce plugin contains an authenticated arbitrary file upload vulnerability due to missing file type validation in the wcap_add_to_cart_popup_upload_files function in all versions up to, and including, 9.16.0. This makes it possible for an authenticated attacker, with subscriber-level access and above, to upload arbitrary files on the affected site’s server which may allow for either remote or local code execution depending on the server configuration.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4601 – “RH Real Estate WordPress Theme Privilege Escalation Vulnerability”

Next Article CVE-2025-5911 – TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow Vulnerability

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

Minecraft Vibrant Visuals finally has a release date and it’s dropping with the Happy Ghasts

QAQ-QQ-AI-QUEST

QAQ-QQ-AI-QUEST

JS Dark Arts: Abusing prototypes and the Result type

Helpful Git Aliases To Maximize Developer Productivity

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

CVE-2025-4387 – Abandoned Cart Pro for WooCommerce Authenticated Arbitrary File Upload Vulnerability

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

Paragon Spyware used to Spy on European Journalists

Reliably Detecting Third-Party Cookie Blocking In 2025

CVE-2025-49281 – Magways PHP Remote File Inclusion Vulnerability

CISA Warns of Erlang/OTP SSH Server RCE Vulnerability Exploited in Attacks

CVE-2025-4692 – ABUP Cloud Update Platform JWT Privilege Escalation Vulnerability

The plan to decentralize TikTok

For some reason, you can get 43% off this brand-new QHD, 240Hz, HDMI 2.1 gaming monitor with an Amazon coupon

CVE-2025-28038 – TOTOLINK EX1200T Remote Command Execution Vulnerability

How Kepler democratized AI access and enhanced client services with Amazon Q Business

CVE-2025-4387 – Abandoned Cart Pro for WooCommerce Authenticated Arbitrary File Upload Vulnerability

Related Posts