CVE-2022-4328 – WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2022-4328

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server The WooCommerce Checkout Field Manager plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the cfom_upload_file function in versions up to, and including, 17.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://wpscan.com/vulnerability/4dc72cd2-81d7-4a66-86bd-c9cfaf690eed • CWE-434: Unrestricted Upload of File with Dangerous Type •