- Description
- The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the wc-upload-file[] parameter in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php).
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-22
- Hype score
- Not currently trending
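Critical vulnerability in the WordPress plugin Drag and Drop Multiple File Upload for WooCommerce. CVE-2025-2941 has a CVSS score of 9.8 and is an arbitrary file move vulnerability. Insufficient validation of the wc-upload-file[] parameter. Arbitrary code execution is possible by moving wp-config.php and the like. Fixed in 1.1.5. https://t.co/OKeleb2flF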
@__kokumoto
17 Apr 2025
[CVE-2025-2941: CRITICAL] Vulnerability in WooCommerce plugin allows unauthenticated attackers to move arbitrary files on server, posing a risk of remote code execution. Update to version 1.1.5. #cybersecurity, #vulnerability https://t.co/8sHLV02Imh https://t.co/lCf9BF4aLB
@CveFindCom
7 Apr 2025
🚨 CVE-2025-2941 ⚠️🔴 CRITICAL (9.8) 🏢 glenwpcoder - Drag and Drop Multiple File Upload for WooCommerce 🏗️ * 🔗 https://t.co/pDSxGwkv2v 🔗 https://t.co/xEVf593ys9 🔗 https://t.co/54B6OTjAiG #CyberCron #VulnAlert #InfoSec https://t.co/0Sj5CLy9TX
@cybercronai
5 Apr 2025