Lucky_Noob

**Name of the Vulnerable Software and Affected Versions** Order Attachments for WooCommerce plugin for WordPress versions 2.0 through 2.4.1 **Description** The issue is related to unauthorized limited arbitrary file uploads due to a missing capability check on the "wcoa add attachment" AJAX action. This allows authenticated attackers with subscriber-level access and above to upload limited file types. **Recommendations** For versions 2.0 through 2.4.1, update to a version that includes a fix for the missing capability check on the wcoa add attachment AJAX action. As a temporary workaround, consider restricting access to the wcoa add attachment AJAX action to prevent unauthorized file uploads until a patch is available.