WordPress · Woocommerce Refund/Exchange With Rma - Warranty Management · CVE-2025-6222
**Name of the Vulnerable Software and Affected Versions**
WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet versions up to and including 3.2.6
**Description**
The WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet theme for WordPress is susceptible to arbitrary file uploads due to the absence of file type validation in the `ced_rnx_order_exchange_attach_files` function. This allows unauthenticated attackers to upload arbitrary files to the affected server, potentially leading to remote code execution.
**Recommendations**
WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet versions prior to 3.2.7 should be updated.
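For plugin authors and reviewers, the sketch below shows what a validated attachment upload handler looks like in WordPress. It is an added example, not the plugin's code or its 3.2.7 fix. The action name, nonce name, field names and MIME allowlist are hypothetical, and it assumes attachments are images or PDFs uploaded one at a time by the logged-in customer who owns the order.

```php
<?php
// Added example: hypothetical handler and names, not taken from the plugin.
// Assumed allowlist: exchange attachments are images or PDFs only.
const EXAMPLE_RMA_MIMES = array(
    'jpg|jpeg' => 'image/jpeg',
    'png'      => 'image/png',
    'pdf'      => 'application/pdf',
);

// Registered for logged-in users only: no wp_ajax_nopriv_ hook is added.
add_action( 'wp_ajax_example_rma_attach_file', 'example_rma_attach_file' );

function example_rma_attach_file() {
    // Reject requests without a valid nonce in the "security" field.
    check_ajax_referer( 'example_rma_attach', 'security' );

    // The order must exist and belong to the current user.
    $order_id = isset( $_POST['order_id'] ) ? absint( $_POST['order_id'] ) : 0;
    $order    = $order_id ? wc_get_order( $order_id ) : false;
    if ( ! $order || (int) $order->get_customer_id() !== get_current_user_id() ) {
        wp_send_json_error( 'Not allowed for this order.', 403 );
    }

    if ( empty( $_FILES['attachment'] ) || ! is_uploaded_file( $_FILES['attachment']['tmp_name'] ) ) {
        wp_send_json_error( 'No file received.', 400 );
    }
    $file = $_FILES['attachment'];

    // Explicit allowlist check on extension and detected type. Done here as
    // well as in wp_handle_upload() so it also applies to users holding the
    // unfiltered_upload capability.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], EXAMPLE_RMA_MIMES );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'File type not allowed.', 415 );
    }

    // wp_handle_upload() sanitizes the name, makes it unique and moves the file.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $moved = wp_handle_upload( $file, array( 'test_form' => false, 'mimes' => EXAMPLE_RMA_MIMES ) );
    if ( isset( $moved['error'] ) ) {
        wp_send_json_error( $moved['error'], 400 );
    }
    wp_send_json_success( array( 'url' => $moved['url'] ) );
}
```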