PT-2026-20584 · WordPress+1 · Checkout Fields Manager+1

Burak Kılınç · Published 2026-02-19 · Updated 2026-02-23 · CVE-2025-12500

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions
Checkout Field Manager (Checkout Manager) for WooCommerce versions prior to 7.8.2

Description
The Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress is susceptible to unauthenticated limited file upload. This is caused by insufficient authorization checks when handling file upload actions through the ajax checkout attachment upload function. An unauthenticated attacker can upload files to the server, but the file types are restricted to WordPress's default allowed MIME types, such as images and documents.

Recommendations
Update to Checkout Field Manager (Checkout Manager) for WooCommerce version 7.8.2 or later.
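
To act on the recommendation, the following added example (not part of the advisory or the plugin's code) scans a copy of a `wp-content/plugins` directory for installs older than 7.8.2 by reading the standard WordPress plugin header. It assumes the plugin's "Plugin Name" header contains "Checkout Field Manager"; the function names and the demo directory layout are hypothetical.

```python
import re
import tempfile
from pathlib import Path

FIXED = (7, 8, 2)                     # first fixed version, from the advisory
NAME_HINT = "checkout field manager"  # assumption: substring of the "Plugin Name" header

# WordPress plugin headers are "Field: value" lines inside a leading comment block.
HEADER = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*(?:\*/)?[ \t]*$",
    re.I | re.M,
)

def parse_version(text):
    """Turn '7.8.1' or '7.8' into a comparable 3-part tuple (suffix after '-' ignored)."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def read_header(php_file):
    """Read header fields from the first 8 KiB, the region WordPress itself inspects."""
    head = php_file.read_text(encoding="utf-8", errors="replace")[:8192]
    fields = {}
    for key, value in HEADER.findall(head):
        fields.setdefault(key.lower(), value.strip())  # first occurrence wins
    return fields

def find_vulnerable(plugins_dir):
    """Return [(plugin_dir_name, version)] for matching installs older than FIXED."""
    hits = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        fields = read_header(php_file)
        name, version = fields.get("plugin name", ""), fields.get("version")
        if NAME_HINT in name.lower() and version and parse_version(version) < FIXED:
            hits.append((php_file.parent.name, version))
    return hits

def demo():
    """Scan a constructed plugins tree holding one old and one fixed copy."""
    header = ("<?php\n/**\n * Plugin Name: Checkout Field Manager "
              "(Checkout Manager) for WooCommerce\n * Version: {}\n */\n")
    with tempfile.TemporaryDirectory() as root:
        for slug, ver in (("copy-old", "7.8.1"), ("copy-fixed", "7.8.2")):
            plugin_dir = Path(root, slug)
            plugin_dir.mkdir()
            (plugin_dir / "main.php").write_text(header.format(ver), encoding="utf-8")
        return find_vulnerable(root)

if __name__ == "__main__":
    print(demo())
```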

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2025-12500

Affected Products

Checkout Fields Manager
WooCommerce