PT-2026-22097 · Rymera Web Co Pty · Woocommerce Wholesale Lead Capture

Teemu Saarentaus

·

Publicado

2026-02-25

·

Atualizado

2026-03-19

·

CVE-2026-27540

CVSS v3.1

9.0

Crítica

VetorAV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Woocommerce Wholesale Lead Capture versions through 2.0.3.1
Description The software contains an unrestricted file upload issue that allows the use of malicious files. This allows for potential webshell deployment. The issue involves the ability to upload files without proper restrictions, potentially leading to compromise.
Recommendations Update Woocommerce Wholesale Lead Capture to a version later than 2.0.3.1.

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2026-27540

Produtos afetados

Woocommerce Wholesale Lead Capture