Description
WordPress Plugin WooCommerce Upload My File is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin WooCommerce Upload My File version 0.3.9 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 0.4.0 or latest
References
Related Vulnerabilities
PHP Out-of-bounds Read Vulnerability (CVE-2019-11042)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-10969)
WordPress Plugin TallyKit Cross-Site Scripting (5.4)
Perl Out-of-bounds Read Vulnerability (CVE-2018-6798)
PHP Incorrect Calculation of Buffer Size Vulnerability (CVE-2008-0599)