WordPress Plugin Vulnerabilities

Mollie Payments for WooCommerce < 7.3.12 - Authenticated (Shop Manager+) Arbitrary File Upload

Description

The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in one of its functions in all versions up to, and including, 7.3.11. This makes it possible for authenticated attackers, with Shop Manager access to upload arbitrary files on the affected site's server which may make remote code execution possible.

Affects Plugins

Plugin icon
mollie-payments-for-woocommerce
Fixed in 7.3.12

References

CVE
CVE-2023-6090
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/5d350095-125a-4445-89c1-bce437e4098c

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
925ec264-6d23-42fa-bcc9-9b4410ea9995

Timeline

Publicly Published
2023-11-27 (about 2 years ago)
Added
2023-11-29 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2014-08-01
Title
Amoveo - Arbitrary File Upload
Published
2015-04-22
Title
Ultimate Product Catalogue <= 3.1.1 - Unauthenticated File Upload
Published
2021-03-21
Title
WooCommerce Help Scout < 2.9.1 - Unauthenticated Arbitrary File Upload leading to RCE
Published
2025-04-08
Title
Processing Projects <= 1.0.2 - Authenticated (Shop Manager+) Arbitrary File Upload
Published
2020-08-13
Title
Quiz and Survey Master < 7.0.1 - Arbitrary File Upload