CVE-2023-4821

Published: Oct 16, 2023Modified: Apr 23, 2025

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts.

Affected (1)

Products: Codedropz: Drag And Drop Multiple File Uploader

Codedropz

1 product

Drag And Drop Multiple File Uploader

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Codedropz Drag And Drop Multiple File Uploader	Before 1.1.1

References (2)

https://wpscan.com/vulnerability/3ac0853b-03f7-44b9-aa9b-72df3e01a9b5

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/3ac0853b-03f7-44b9-aa9b-72df3e01a9b5

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.