WordPress Plugin Vulnerabilities

Api2Cart Bridge Connector < 1.2.0 - Unauthenticated Arbitrary File Upload

Description

The plugin does not validate file to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP

Affects Plugins

Plugin icon
api2cart-bridge-connector
Fixed in 1.2.0

References

CVE
CVE-2022-42698

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
8c0d89fb-dbd9-48fe-a9fb-47e63e343f01

Timeline

Publicly Published
2022-10-28 (about 3 years ago)
Added
2022-11-19 (about 3 years ago)
Last Updated
2022-11-19 (about 3 years ago)

Other

Published
Title
Published
2012-01-06
Title
FCChat 2.2.11-2.2.13 - Upload.php Arbitrary File Upload
Published
2021-10-21
Title
Catch Themes Demo Import < 1.8 - Admin+ Arbitrary File Upload
Published
2026-03-23
Title
JupiterX Core < 4.14.2 - Authenticated (Subscriber+) Missing Authorization To Limited File Upload via Popup Template Import
Published
2025-06-09
Title
Abandoned Cart Pro for WooCommerce < 9.17.0 - Authenticated (Subscriber+) Arbitrary File Upload
Published
2021-06-29
Title
Super Progressive Web Apps < 2.1.13 - Authenticated (High Privileged) Arbitrary File Upload to RCE