Security Advisory

CVE-2023-5957

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-01-08 19:00:32

Last updated 2025-06-18 16:04:16

Assigner WPScan

State PUBLISHED

Description

The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell.

← Browse all CVEs View on cve.org ↗