CVE-2025-4387 – Abandoned Cart Pro for WooCommerce Authenticated Arbitrary File Upload Vulnerability

June 10, 2025

CVE ID : CVE-2025-4387

Published : June 10, 2025, 4:15 a.m. | 29 minutes ago

Description : The Abandoned Cart Pro for WooCommerce plugin contains an authenticated arbitrary file upload vulnerability due to missing file type validation in the wcap_add_to_cart_popup_upload_files function in all versions up to, and including, 9.16.0. This makes it possible for an authenticated attacker, with subscriber-level access and above, to upload arbitrary files on the affected site’s server which may allow for either remote or local code execution depending on the server configuration.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4601 – “RH Real Estate WordPress Theme Privilege Escalation Vulnerability”

Next Article CVE-2025-5911 – TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow Vulnerability

Highlights

CVE-2025-5620 – D-Link DIR-816 OS Command Injection Vulnerability

June 4, 2025

CVE ID : CVE-2025-5620

Published : June 5, 2025, 12:15 a.m. | 3 hours, 23 minutes ago

Description : A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected is the function setipsec_config of the file /goform/setipsec_config. The manipulation of the argument localIP/remoteIP leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

From Data To Decisions: UX Strategies For Real-Time Dashboards

Honeycomb launches AI observability suite for developers

Low-Code vs No-Code Platforms for Node.js: What CTOs Must Know Before Investing

ServiceNow unveils Zurich AI platform

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Distribution Release: Q4OS 6.1

Optimizely Mission Control – Part III

Optimizely Mission Control – Part III

Learning from PHP Log to File Example

Online EMI Calculator using PHP – Calculate Loan EMI, Interest, and Amortization Schedule

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

Dmitry — The Deep Magic

Right way to record and share our Terminal sessions

CVE-2025-4387 – Abandoned Cart Pro for WooCommerce Authenticated Arbitrary File Upload Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Stellar Blade gets PC release date thanks to leaked PlayStation trailer

Representative Line: National Exclamations

11 Vibe Coding Tools to 10x Your Development on Linux Desktop

Xbox’s Free Play Days for This Weekend Brings Elder Scrolls Online, Souldiers & More

CVE-2025-5620 – D-Link DIR-816 OS Command Injection Vulnerability

Building An Offline-Friendly Image Upload System

How to Write Documentation That Increases Sign-ups

5 Ways Staffing Firms Lose Time and the Project Management Software That Stops It

CVE-2025-4387 – Abandoned Cart Pro for WooCommerce Authenticated Arbitrary File Upload Vulnerability

Related Posts