CVE-2024-22152
WordPress Product Import Export for WooCommerce Plugin <= 2.3.7 is vulnerable to Arbitrary File Upload
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7.
Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en WebToffee Product Import Export para WooCommerce. Este problema afecta a Product Import Export para WooCommerce: desde n/a hasta 2.3.7.
The Product Import Export for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_import_file' function n all versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Shop Manager access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2024-01-05 CVE Reserved
- 2024-01-16 CVE Published
- 2024-08-01 CVE Updated
- 2024-12-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Webtoffee Search vendor "Webtoffee" | Product Import Export For Woocommerce Search vendor "Webtoffee" for product "Product Import Export For Woocommerce" | < 2.3.8 Search vendor "Webtoffee" for product "Product Import Export For Woocommerce" and version " < 2.3.8" | wordpress |
Affected
| ||||||