CVE-2025-4403 – WooCommerce Drag and Drop Multiple File Upload Arbitrary File Upload Vulnerability

May 9, 2025

CVE ID : CVE-2025-4403

Published : May 9, 2025, 9:15 a.m. | 2 hours, 52 minutes ago

Description : The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.1.6 due to accepting a user‐supplied supported_type string and the uploaded filename without enforcing real extension or MIME checks within the upload() function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3949 – SeedProd Theme Builder Landing Page Builder Unauthorized Data Access Vulnerability

Next Article CVE-2025-4471 – Apache Code-projects Jewelery Store Management System Stack Buffer Overflow Vulnerability

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

Melissa brings its data quality solutions to Azure with new SSIS integration

Automating Design Systems: Tips And Resources For Getting Started

This $180 mini projector has no business being this good for the price

GPT-5 is finally here, and you can access it for free today – no subscription needed

Changing this Android setting instantly doubled my phone speed (Samsung and Google models included)

ChatGPT can now talk nerdy to you – plus more personalities and other upgrades beyond GPT-5

Advanced Application Architecture through Laravel’s Service Container Management

Advanced Application Architecture through Laravel’s Service Container Management

Switch Between Personas in Laravel With the MultiPersona Package

AI-Driven Smart Tagging and Metadata in AEM Assets

Bill Gates on AI’s Impact: ‘Be Curious, Read, and Use the Latest Tools’

Bill Gates on AI’s Impact: ‘Be Curious, Read, and Use the Latest Tools’

Halo Infinite’s Fall Update: New Features and Modes to Revive the Game?

Forza Motorsport’s Future in Jeopardy: Fans Demand Clarity from Microsoft

CVE-2025-4403 – WooCommerce Drag and Drop Multiple File Upload Arbitrary File Upload Vulnerability

Microsoft to Pull Plug on Shared EWS Access in Hybrid Exchange by October

Google Confirms Salesforce Database Breach by ShinyHunters Group

CVE-2025-4674 – Go VCS Command Execution Vulnerability

Ripple’s xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack

Trend Micro Fortifies AI Security: Integrates NVIDIA Agentic AI Safety for End-to-End Protection

CVE-2025-23269 – NVIDIA Jetson Linux Microarchitectural Predictor State Information Disclosure

Microsoft’s CEO says AI has written 20% to 30% of the company’s code

CVE-2025-5984 – SourceCodester Online Student Clearance System Cross-Site Scripting Vulnerability

WinRAR patches bug letting malware launch from extracted archives

Huawei MateBook X Pro 2024 (Linux Edition) Goes on Sale

CVE-2025-4403 – WooCommerce Drag and Drop Multiple File Upload Arbitrary File Upload Vulnerability

Related Posts