PT-2023-30734 · WordPress · Drag/Drop Multiple File Upload

Zeyad Alshahrani · Published 2023-10-16 · Updated 2023-10-20 · CVE-2023-4821

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Drag and Drop Multiple File Upload for WooCommerce WordPress plugin versions prior to 1.1.1

Description

The issue allows an attacker to upload unsafe files, including .shtml or .svg files, which can contain malicious scripts. This is due to the plugin not filtering all potentially dangerous file extensions.

Recommendations

For versions prior to 1.1.1, update to version 1.1.1 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to only trusted users or disabling the file upload feature until the update is applied.


Related identifiers

CVE-2023-4821

Affected products

Drag/Drop Multiple File Upload