Security Advisory

CVE-2023-4821

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-10-16 19:39:23

Last updated 2025-04-23 16:11:18

Assigner WPScan

State PUBLISHED

Description

The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts.

← Browse all CVEs View on cve.org ↗