CVE-2025-4403 – WooCommerce Drag and Drop Multiple File Upload Arbitrary File Upload Vulnerability

May 9, 2025

CVE ID : CVE-2025-4403

Published : May 9, 2025, 9:15 a.m. | 2 hours, 52 minutes ago

Description : The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.1.6 due to accepting a user‐supplied supported_type string and the uploaded filename without enforcing real extension or MIME checks within the upload() function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3949 – SeedProd Theme Builder Landing Page Builder Unauthorized Data Access Vulnerability

Next Article CVE-2025-4471 – Apache Code-projects Jewelery Store Management System Stack Buffer Overflow Vulnerability

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

I recommend this Chromebook over many Windows laptops that cost twice as much

Why I recommend this flagship TCL TV over OLED models that cost more (and don’t regret it)

Finally, a Lenovo ThinkPad that impressed me in performance, design, and battery life

3 productivity gadgets I can’t work without (and why they make such a big difference)

SQL Joins

SQL Joins

Dividing Collections with Laravel’s splitIn Helper

PayHere for Laravel

Distribution Release: IPFire 2.29 Core 195

Distribution Release: IPFire 2.29 Core 195

TeleSculptor – transforms aerial videos and images into Geospatial 3D models

Rilasciato IceWM 3.8: Gestore di Finestre per il Sistema X

CVE-2025-4403 – WooCommerce Drag and Drop Multiple File Upload Arbitrary File Upload Vulnerability

Canada says Salt Typhoon hacked telecom firm via Cisco flaw

Critical Teleport Vulnerability Let Attackers Remotely Bypass Authentication Controls

I’ve had my eye on this new Game Pass RPG for ages, and you can preorder it for a whopping 30% off ahead of its launch next week

Microsoft could ditch OpenAI’s high-stake for-profit talks: “Holding out is Microsoft’s nuclear option, and they are just making OpenAI sweat”

Fine del supporto a Windows 10: la campagna “End of 10” promuove il passaggio a GNU/Linux

How To Deploy To Vercel With GitHub Actions

CVE-2025-26383 – Apache iSTAR Memory Information Disclosure

Cauldron reads articles stored in Pocket

OpenAI’s need for more paid ChatGPT users is subtly mentioned in code — Will it use the viral Ghibli memes to cash in?

Mastering Stratego, the classic game of imperfect information

CVE-2025-4403 – WooCommerce Drag and Drop Multiple File Upload Arbitrary File Upload Vulnerability

Related Posts