Oct 16, 2023 - 8:15 p.m.

CVE-2023-4821

2023-10-16 20:15:16
web.nvd.nist.gov
drag and drop
multiple file upload
woocommerce
wordpress
plugin
vulnerability
unsafe
file upload
cve-2023-4821
nvd

CVSS3: 5.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score: 5.7 Medium
Confidence: High

EPSS: 0.0004 Low
Percentile: 14.2%

The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts.

Affected configurations

Node
Vendor: codedropz
Product: drag_and_drop_multiple_file_upload_for_woocommerce
Range: <1.1.1

Vendor: codedropz
Product: drag_and_drop_multiple_file_upload_for_woocommerce
Version: *
CPE: cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_for_woocommerce:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Drag and Drop Multiple File Upload for WooCommerce",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.1.1"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
