CVE-2025-49885 – HaruTheme WooCommerce Drag and Drop Multiple File Upload Unrestricted Upload of File with Dangerous Type Vulnerability

June 27, 2025

CVE ID : CVE-2025-49885

Published : June 27, 2025, 12:15 p.m. | 2 hours, 14 minutes ago

Description : Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme Drag and Drop Multiple File Upload (Pro) – WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Drag and Drop Multiple File Upload (Pro) – WooCommerce: from n/a through 5.0.6.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49886 – WebGeniusLab Zikzag Core PHP RFI Vulnerability

Next Article Securitybedrijf meldt mogelijk misbruik van nieuw CitrixBleed-lek

CodeSOD: Across the 4th Dimension

Cursor vs GitHub Copilot (2025): Which AI Platform Wins for Your Node.js Dev Team?

NuGet adds support for Trusted Publishing

AWS launches IDE extension for building browser automation agents

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

DistroWatch Weekly, Issue 1140

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

IDC ServiceScape for Microsoft Power Apps Low-Code/No-Code Custom Application Development Services

A Stream-Oriented UI library for interactive web applications

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

CVE-2025-49885 – HaruTheme WooCommerce Drag and Drop Multiple File Upload Unrestricted Upload of File with Dangerous Type Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Sony’s Bend Studio Confirms Layoffs as It Gears Up for New Game

CVE-2024-11861 – EnerSys AMPA Remote Command Injection Vulnerability

CVE-2025-40669 – TCMAN GIM Authorization Bypass

CVE-2025-31246 – Apple macOS AFP Server Kernel Memory Corruption Vulnerability

CVE-2025-5182 – “Summer Pearl Group Vacation Rental Management Platform Listing Handler Authorization Bypass”

Xbox price hikes hurt its value against PS5, a Microsoft PM roasts Windows 11, and Bing gets unexpected praise — top tech stories

A Study Reveals Xbox Game Pass’s Real Impact Might Be on Purchases, Not Playtime

CVE-2025-53385 – Apache HTTP Server Cross-Site Request Forgery

CVE-2025-49885 – HaruTheme WooCommerce Drag and Drop Multiple File Upload Unrestricted Upload of File with Dangerous Type Vulnerability

Related Posts