PT-2025-4697 · WordPress · Wr Price List Manager For Woocommerce

Mika · Published 2025-01-15 · Updated 2025-01-22 · CVE-2025-22782

CVSS v3.1: 9.9 Critical

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WR Price List Manager For Woocommerce versions 1.0.0 through 1.0.8

Description

The issue allows an attacker to upload a web shell to a web server due to an unrestricted upload of files with dangerous types. This can lead to significant security risks.

Recommendations

For versions 1.0.0 through 1.0.8, consider disabling the file upload feature until a patch is available to prevent potential exploitation. Restrict access to the vulnerable module to minimize the risk of uploading malicious files. Avoid using the file upload functionality in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2025-22782

Affected Products

Wr Price List Manager For Woocommerce