PT-2026-22097 · Rymera Web Co Pty · Woocommerce Wholesale Lead Capture
Teemu Saarentaus
·
Published
2026-02-25
·
Updated
2026-03-19
·
CVE-2026-27540
CVSS v3.1
9.0
Critical
| Vector | AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Woocommerce Wholesale Lead Capture versions through 2.0.3.1
Description
The software contains an unrestricted file upload issue that allows the use of malicious files. This allows for potential webshell deployment. The issue involves the ability to upload files without proper restrictions, potentially leading to compromise.
Recommendations
Update Woocommerce Wholesale Lead Capture to a version later than 2.0.3.1.
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Woocommerce Wholesale Lead Capture