The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads() function due to insufficient file path validation/sanitization. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NTychesoftwares Product Input Fields For Woocommerce
APPTychesoftwares< 2.0
Powiązane podatności
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to i...
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a m...
CSRF i brak autoryzacji w wtyczce Order Delivery Date Pro for WooCommerce umożliwiają przejęcie witryny
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in version...
The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputt...