Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin WooCommerce Checkout Manager Arbitrary File Upload (4.2.6)

Description

WordPress Plugin WooCommerce Checkout Manager is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. WordPress Plugin WooCommerce Checkout Manager version 4.2.6 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 4.3 or latest

References

https://www.pluginvulnerabilities.com/2019/04/23/our-proactive-monitoring-caught-an-arbitrary-file-upload-vulnerability-in-woocommerce-checkout-manager/

https://blog.sucuri.net/2019/04/insufficient-privilege-validation-in-woocommerce-checkout-manager.html

https://www.wordfence.com/blog/2019/05/unauthenticated-media-deletion-vulnerability-patched-in-woocommerce-checkout-manager-plugin/

https://plugins.svn.wordpress.org/woocommerce-checkout-manager/trunk/readme.txt

Related Vulnerabilities

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-39124)

WordPress Plugin Startklar Elementor Addons Arbitrary File Deletion (1.7.13)

WordPress Plugin CiviCRM Remote Code Execution (5.24.2)

WordPress Plugin Invite Anyone PHP Object Injection (1.3.18)

WordPress Plugin YITH WooCommerce Best Sellers Security Bypass (1.1.11)

Severity

High

Classification

CWE-434 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Unauthenticated File Upload