Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-05-12
CVE-2025-4403 - Drag And Drop Multiple File Upload For Woocommerce Plugin
The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.1.6 due to accepting a user‐supplied supported_type string and the uploaded filename without enforcing real extension or MIME checks within the upload() function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
PLUGIN
Drag And Drop Multiple File Upload For Woocommerce
CVE-2025-4403
Risk Score
Threat Entry
Updated 2025-04-07
CVE-2025-2941 - Drag And Drop Multiple File Upload For Woocommerce Plugin
The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the wc-upload-file[] parameter in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php).
PLUGIN
Drag And Drop Multiple File Upload For Woocommerce
CVE-2025-2941
Risk Score
Threat Entry
Updated 2025-04-23
CVE-2023-4821 - Drag And Drop Multiple File Upload For Woocommerce Plugin
The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts.
PLUGIN
Drag And Drop Multiple File Upload For Woocommerce
CVE-2023-4821
Risk Score