Vanquish Woocommerce_upload_files
2 CVEs affecting Vanquish Woocommerce_upload_files. Latest disclosed: 2024-11-13. Critical: 2, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-10820 | Critical | 9.8 | 2024-11-13 | The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in… |
CVE-2021-24171 | Critical | 9.8 | 2021-04-05 | The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass t… |