CVE-2023-5601

Name of the Vulnerable Software and Affected Versions WooCommerce Ninja Forms Product Add-ons version 1.7.1 and earlier

Description The issue concerns the WooCommerce Ninja Forms Product Add-ons WordPress plugin, which does not validate the file to be uploaded. This allows any unauthenticated users to upload arbitrary files to the server, leading to Remote Code Execution (RCE).

Recommendations For versions prior to 1.7.1, update to version 1.7.1 or later to resolve the issue. As a temporary workaround, consider disabling file upload functionality until a patch is available. Restrict access to the server to minimize the risk of exploitation.