PT-2026-20584 · WordPress+1 · Checkout Fields Manager+1
Burak Kılınç · Published 2026-02-19 · Updated 2026-02-23 · CVE-2025-12500
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Checkout Field Manager (Checkout Manager) for WooCommerce versions prior to 7.8.2
Description
The Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress is susceptible to unauthenticated limited file upload. This is caused by insufficient authorization checks when handling file upload actions through the ajax checkout attachment upload function. An unauthenticated attacker can upload files to the server, but the file types are restricted to WordPress's default allowed MIME types, such as images and documents.
Recommendations
Update to Checkout Field Manager (Checkout Manager) for WooCommerce version 7.8.2 or later.
Fix
Unrestricted File Upload
Affected Products
Checkout Fields Manager
Woocommerce