CVE-2024-13744

Name of the Vulnerable Software and Affected Versions Booster for WooCommerce plugin for WordPress versions 4.0.1 through 7.2.4

Description The issue is related to arbitrary file uploads due to missing file type validation in the validate product input fields on add to cart function. This allows unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.

Recommendations For Booster for WooCommerce plugin for WordPress versions 4.0.1 through 7.2.4, consider disabling the validate product input fields on add to cart function until a patch is available to prevent arbitrary file uploads. Restrict access to the affected plugin to minimize the risk of exploitation. Avoid using the vulnerable function in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.