WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WooCommerce Upload Files < 59.4 - Unauthenticated Arbitrary File Upload

Description

The plugin ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked" extension in the "wcuf_file_name" parameter. It was also possible to perform a double extension attack and upload files to a different location via path traversal using the "wcuf_current_upload_session_id" parameter.

Affects Plugins

woocommerce-upload-files
Fixed in version 59.4

References

CVE
CVE-2021-24171
URL
https://www.wordfence.com/blog/2021/03/critical-vulnerability-patched-in-woocommerce-upload-files/

Classification

Type

RCE

OWASP top 10
A1: Injection
CWE
CWE-94

Miscellaneous

Original Researcher

Ramuel Gall

Submitter

Ramuel Gall

Submitter twitter
ramuelgall
Verified

Yes

WPVDB ID
ed4288a1-f7e4-455f-b765-5ac343f87194

Timeline

Publicly Published

2021-03-04 (about 2 years ago)

Added

2021-03-04 (about 2 years ago)

Last Updated

2021-04-03 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin