Lucene search
Upload Files Security Vulnerabilities
cve
The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked" extension in the "wcuf_file_name" par...
9.8CVSS
9.5AI Score
0.002EPSS
2021-04-05 07:15 PM
19
2