CVE-2025-4403 – WooCommerce Drag and Drop Multiple File Upload Arbitrary File Upload Vulnerability

May 9, 2025

CVE ID : CVE-2025-4403

Published : May 9, 2025, 9:15 a.m. | 2 hours, 52 minutes ago

Description : The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.1.6 due to accepting a user‐supplied supported_type string and the uploaded filename without enforcing real extension or MIME checks within the upload() function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3949 – SeedProd Theme Builder Landing Page Builder Unauthorized Data Access Vulnerability

Next Article CVE-2025-4471 – Apache Code-projects Jewelery Store Management System Stack Buffer Overflow Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

This Motorola Razr deal at Best Buy is the top offer I’ve seen on the flip phone

Google Maps can identify and save places in your screenshots – here’s how

T-Mobile is giving loyal users a free line right now – how to see if you qualify

CTA warns of tariff-fueled price hikes on consumer tech – but it’s not all bad news

Big Node, VS Code, and Mantine updates

Big Node, VS Code, and Mantine updates

Prepare for Contact Center Week with Colleen Eager

Preparing for the Unthinkable: Safeguarding People and Productivity During India-Pakistan Conflicts

Microsoft confirms Offline Calendar for New Outlook on Windows 11

Microsoft confirms Offline Calendar for New Outlook on Windows 11

Windows 11 Microsoft Store tests Copilot integration to increase app downloads

Beyond APT: Software Management with Flatpak on Ubuntu

CVE-2025-4403 – WooCommerce Drag and Drop Multiple File Upload Arbitrary File Upload Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-4496 – TOTOLINK CloudACMunualUpdate Buffer Overflow Vulnerability

Simplifying CI/CD with Pytest and Selenium for Web Automation Testing

How BlackSuit Ransomware is Crippling Businesses: FBI, CISA Sound Alarm

Chinese Citizens Targeted in QR Code-Based Phishing Campaign

Securing Laravel Applications with Stephen Rees-Carter

Perficient Insights: Dreamforce 2024 with Eric Walk

Watch out Copilot, Google could add Gemini Live to Windows 11 taskbar via Chrome

Roeland Nusselder: AI will eat all our energy, unless we make it tiny | Starmus highlights

Unlocking the Secrets of Smart Automation

CVE-2025-4403 – WooCommerce Drag and Drop Multiple File Upload Arbitrary File Upload Vulnerability

Related Posts