PT-2025-35202 · Unknown +1 · Woocommerce +1

Lucky_Buddy · Published 2025-08-29 · Updated 2025-08-29 · CVE-2024-13342

CVSS v3.1: 8.1
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

Booster for WooCommerce versions up to and including 7.2.4

Description:

The Booster for WooCommerce plugin for WordPress is susceptible to arbitrary file uploads due to the absence of file type validation within the `add files to order` function. This allows unauthenticated attackers to upload arbitrary files, potentially leading to remote code execution on the affected server, contingent upon specific configuration settings that execute the first file extension present.

Recommendations:

Update Booster for WooCommerce to a version later than 7.2.4.
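
The description's weakness class, seen from the defending side: an added example, not the plugin's code or its patch, of an upload filename check that ignores no extension segment. The function name, the constant and the allowlist are hypothetical, and the sample filenames are constructed.

```php
<?php
// Added illustration; names and allowlist are hypothetical, not from the plugin.
const ALLOWED_UPLOAD_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];

/**
 * Return a server-generated storage name for an upload,
 * or null if the client-supplied filename must be rejected.
 */
function safe_upload_name(string $clientName): ?string
{
    // Keep only the final path component and drop control bytes (incl. NUL).
    $base = basename(str_replace('\\', '/', $clientName));
    $base = (string) preg_replace('/[\x00-\x1f\x7f]/', '', $base);

    // Split on every dot: "invoice.php.jpg" -> ["invoice", "php", "jpg"].
    $parts = explode('.', strtolower($base));

    // Require exactly one extension. This rejects extension-less names,
    // dotfiles such as ".htaccess", trailing dots, and any name carrying
    // more than one extension, so a server that acts on the first
    // extension never sees an executable one. It is deliberately strict:
    // "my.photo.jpg" is rejected as well.
    if (count($parts) !== 2 || $parts[0] === '') {
        return null;
    }

    // The single remaining extension must be on the allowlist.
    if (!in_array($parts[1], ALLOWED_UPLOAD_EXTENSIONS, true)) {
        return null;
    }

    // Store under a random name so no client-chosen segment reaches disk.
    return bin2hex(random_bytes(16)) . '.' . $parts[1];
}

// Constructed sample filenames.
$samples = ['photo.JPG', 'invoice.php.jpg', 'notes.php', '.htaccess',
            'report.pdf.', '../../uploads/scan.png'];
foreach ($samples as $name) {
    $stored = safe_upload_name($name);
    printf("%-26s => %s\n", $name, $stored ?? 'REJECTED');
}
```

Only `photo.JPG` and `../../uploads/scan.png` are accepted, each under a random stored name; a filename check of this kind complements, and does not replace, updating the plugin as recommended above.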

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2024-13342

Affected Products

Booster For Woocommerce
Woocommerce