CVE-2025-49885 – HaruTheme WooCommerce Drag and Drop Multiple File Upload Unrestricted Upload of File with Dangerous Type Vulnerability

June 27, 2025

CVE ID : CVE-2025-49885

Published : June 27, 2025, 12:15 p.m. | 2 hours, 14 minutes ago

Description : Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme Drag and Drop Multiple File Upload (Pro) – WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Drag and Drop Multiple File Upload (Pro) – WooCommerce: from n/a through 5.0.6.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49886 – WebGeniusLab Zikzag Core PHP RFI Vulnerability

Next Article Securitybedrijf meldt mogelijk misbruik van nieuw CitrixBleed-lek

tRPC vs GraphQL vs REST: Choosing the right API design for modern web applications

Jakarta EE 11 Platform launches with modernized Test Compatibility Kit framework

Can Good UX Protect Older Users From Digital Scams?

Warp 2.0 evolves terminal experience into an Agentic Development Environment

The top 4 Bluetooth speakers I’m taking everywhere this summer (including a surprise pick)

Your Android phone is getting a big security upgrade for free – here’s what’s new

How a 5-minute circuit scan saved me hundreds (and exposed a serious wiring surprise)

Using AI saves teachers ‘six weeks per year,’ Gallup poll finds – but at what cost?

billboard.js 3.16.0 release: ✨ bar trending line & improved resizing performance!

billboard.js 3.16.0 release: ✨ bar trending line & improved resizing performance!

ISO 20022 – End of MT Coexistence for Cash Instructions Fast Approaching

Building Trust and Shaping the Future: Implementing Responsible AI – Part 2

Windows 11 KB5060826 fixes slow Search, direct download links

Windows 11 KB5060826 fixes slow Search, direct download links

Rilasciata Tails 6.17: Più Privacy e Sicurezza con le Nuove Funzionalità

Rilasciata Deepin 25: La distribuzione GNU/Linux immutabile con assistente vocale e pacchetti universali

CVE-2025-49885 – HaruTheme WooCommerce Drag and Drop Multiple File Upload Unrestricted Upload of File with Dangerous Type Vulnerability

MongoDB Server Pre-Authentication Vulnerability Let Attackers Trigger DoS Condition

Securitybedrijf meldt mogelijk misbruik van nieuw CitrixBleed-lek

Salesforce Lead-to-Revenue Management

CVE-2025-5325 – Zhilink ADP Application Developer Platform Template Engine Code Injection Vulnerability

8 Best Free and Open Source Graphical Linux Diff Tools

CVE-2025-44835 – D-Link DIR-816 Command Injection Vulnerability

TEKEVER to invest £400M in UK defencetech, creating 1,000+ skilled jobs

CVE-2025-5777 – Citrix NetScaler ADC and NetScaler Gateway Memory Overread Vulnerability

CVE-2025-25034 – SugarCRM Object Injection Vulnerability

Loading JSON Data into Snowflake From Local Directory

CVE-2025-49885 – HaruTheme WooCommerce Drag and Drop Multiple File Upload Unrestricted Upload of File with Dangerous Type Vulnerability

Related Posts