Rin Miyachi

#12259of 53,632
22.3Total CVSS
Vulnerabilities · 3
Medium
1
High
1
Critical
1
PT-2025-47288
7.2
2025-11-18
WordPress · Wp Wham Checkout Files Upload For Woocommerce · CVE-2025-4212
**Name of the Vulnerable Software and Affected Versions** Checkout Files Upload for WooCommerce plugin for WordPress versions up to and including 2.2.1 **Description** The plugin is susceptible to Stored Cross-Site Scripting through file uploads. Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts into image files. These scripts execute when a user accesses the affected page. **Recommendations** Update to a version later than 2.2.1.
PT-2025-20546
9.8
2025-05-09
Woocommerce · Drag/Drop Multiple File Upload For Woocommerce · CVE-2025-4403
**Name of the Vulnerable Software and Affected Versions** Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress versions up to, and including, 1.1.6 **Description** The issue allows unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. This is due to the plugin accepting a user-supplied `supported type` string and the uploaded filename without enforcing real extension or MIME checks within the `upload()` function. **Recommendations** For versions up to, and including, 1.1.6, consider disabling the `upload()` function until a patch is available. Restrict access to the upload functionality to minimize the risk of exploitation. Avoid using the `supported type` string and uploaded filename without proper validation and sanitization. Update to a version that includes a fix for this issue when available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-32522
5.3
2023-11-13
WordPress · Yop Poll · CVE-2023-6109
**Name of the Vulnerable Software and Affected Versions** YOP Poll plugin for WordPress versions up to, and including, 6.5.26 **Description** The issue is due to a race condition caused by improper restrictions on the `add()` function. This allows unauthenticated attackers to place multiple votes on a single poll, even when the poll is set to one vote per person. **Recommendations** For versions up to, and including, 6.5.26, update to a version higher than 6.5.26 to resolve the issue. As a temporary workaround, consider disabling the `add()` function until a patch is available.