CVE-2024-7257

Name of the Vulnerable Software and Affected Versions YayExtra – WooCommerce Extra Product Options plugin for WordPress versions up to, and including, 1.3.7

Description The issue is related to arbitrary file uploads due to missing file type validation in the handle upload file function. This allows unauthenticated attackers to upload arbitrary files on the affected site's server, which may lead to remote code execution.

Recommendations For versions up to, and including, 1.3.7, update to a version later than 1.3.7 to resolve the issue. As a temporary workaround, consider disabling the handle upload file function until a patch is available.