WordPress Plugin Vulnerabilities
Customer Reviews for WooCommerce < 5.113.0 - Unauthenticated Arbitrary Media Upload via cr_upload_media
Description
The plugin does not perform authentication, capability, or nonce checks on one of its media upload AJAX actions when the review media attachment feature is enabled, allowing unauthenticated users to upload media files (bounded to an image and video allowlist) to the Media Library and create attachment posts, leading to media library pollution and disk space exhaustion.
Proof of Concept
Affects Plugins
References
CVE
Miscellaneous
Original Researcher
Tom C
Submitter
Tom C
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2026-06-25 (about 21 days ago)
Added
2026-06-25 (about 20 days ago)
Last Updated
2026-06-25 (about 20 days ago)