PT-2024-35216 · Woocommerce · Kineticpay For Woocommerce
Stealthcopter
·
Published
2024-11-14
·
Updated
2024-11-15
·
CVE-2024-52379
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
kineticPay for WooCommerce versions 2.0.8 and earlier
Description
The issue allows for the unrestricted upload of files with dangerous types, potentially enabling the upload of a web shell to a web server. This could compromise sites.
Recommendations
For versions 2.0.8 and earlier, patch as soon as possible to mitigate the risk of exploitation.
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Kineticpay For Woocommerce