Product Input Fields for WooCommerce Unauthenticated File Upload Vulnerability

Vulnerability

A vulnerability allowing arbitrary file uploads has been identified in the Product Input Fields for WooCommerce plugin for WordPress, affecting all versions through 1.12.0. The issue arises from inadequate file type validation in the 'add_product_input_fields_to_order_item_meta()' function. It enables unauthenticated attackers to upload arbitrary files to the server, potentially leading to remote code execution. With the default settings the plugin is only susceptible to double-extension uploads (a name such as shell.php.jpg that still carries an accepted extension); if an administrator leaves the accepted file extensions field blank, a plain .php file can be uploaded.

Impact

Exploitation of this vulnerability could result in unauthorized file uploads, with the potential for remote code execution, particularly if a malicious PHP file is uploaded.

Reproduction

The vulnerability can be reproduced by uploading a file through a product input field of the file type. With the accepted file extensions field left blank, a .php file is accepted outright; with the default settings the upload must use a double extension, since the check only restricts the last extension the attacker supplies rather than rejecting names with multiple extensions.
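The following example, added here and not taken from the plugin, illustrates the two failure modes described in the Vulnerability and Reproduction sections side by side with a hardened check. The plugin's actual validation code is not shown on this page, so the "weak" function is an assumed pattern that reproduces the described behaviour (any dotted segment matching the allow-list passes, and an empty allow-list disables checking); the function names and the comma-separated allow-list format are assumptions for illustration.

```php
<?php
// Illustrative example, not code from Product Input Fields for WooCommerce.
// weak_extension_check() is an assumed pattern with the two failure modes the
// advisory describes; hardened_extension_check() shows the corrected logic.

function parse_allow_list(string $allowed_csv): array {
    // "jpg, png" -> ['jpg', 'png']; a blank setting yields an empty array.
    return array_values(array_filter(array_map('trim', explode(',', strtolower($allowed_csv)))));
}

function weak_extension_check(string $filename, string $allowed_csv): bool {
    $allowed = parse_allow_list($allowed_csv);
    // Failure mode 1: a blank allow-list is treated as "no restriction",
    // so shell.php is accepted.
    if (count($allowed) === 0) {
        return true;
    }
    // Failure mode 2: accept when ANY dotted segment is an allowed extension,
    // so shell.php.jpg passes because of the trailing "jpg".
    $segments = explode('.', strtolower(basename($filename)));
    foreach (array_slice($segments, 1) as $segment) {
        if (in_array($segment, $allowed, true)) {
            return true;
        }
    }
    return false;
}

function hardened_extension_check(string $filename, string $allowed_csv): bool {
    $allowed = parse_allow_list($allowed_csv);
    // Deny by default: an empty allow-list rejects everything.
    if (count($allowed) === 0) {
        return false;
    }
    $base = basename($filename);
    // Require exactly one extension: reject hidden files, missing extensions
    // and double extensions such as shell.php.jpg.
    if ($base === '' || $base[0] === '.' || substr_count($base, '.') !== 1) {
        return false;
    }
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed, true)) {
        return false;
    }
    // Never accept a server-executable extension even if an admin lists one.
    $executable = ['php', 'phtml', 'php3', 'php4', 'php5', 'php7', 'phps', 'phar'];
    return !in_array($ext, $executable, true);
}

// Constructed sample cases mirroring the advisory's two scenarios plus a benign upload.
$cases = [
    ['shell.php.jpg', 'jpg,png', 'double extension, default settings'],
    ['shell.php',     '',        'blank accepted-extensions field'],
    ['photo.jpg',     'jpg,png', 'legitimate upload'],
];
foreach ($cases as [$name, $allowed, $label]) {
    printf("%-14s weak=%-6s hardened=%-6s (%s)\n",
        $name,
        weak_extension_check($name, $allowed) ? 'accept' : 'reject',
        hardened_extension_check($name, $allowed) ? 'accept' : 'reject',
        $label);
}
```

Running the script accepts all three names under the weak check and only photo.jpg under the hardened one. In a real WordPress plugin the extension allow-list should additionally be reconciled with core's wp_check_filetype_and_ext() and the upload_mimes filter, and uploads should be written outside the web root or to a directory where PHP execution is disabled, so that even a bypassed name check does not yield code execution.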

Remediation

Users are advised to update the Product Input Fields for WooCommerce plugin to version 1.12.1 or later.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.4
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.