Hippoo Mobile App for WooCommerce Missing Authorization Vulnerability Allowing Arbitrary File Write

Vulnerability

A vulnerability exists in the Hippoo Mobile App for WooCommerce plugin for WordPress, in all versions through 1.7.1. The issue arises from a missing authorization check in a REST API endpoint, which is registered to allow unauthenticated access. This flaw enables unauthenticated attackers to write arbitrary JSON content to the server's publicly accessible upload directory.
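As an added example (not Hippoo's code and not part of the original advisory), the Python sketch below audits plugin source for the flaw class described above: WordPress REST routes registered so that unauthenticated clients can call them. The route names and sample PHP are constructed, and flagging `'__return_true'` or an absent `permission_callback` is an assumption about how such routes are commonly left open, not a statement of how this plugin registered its endpoint.

```python
import re

# Constructed sample plugin source (hypothetical routes, not Hippoo's code).
SAMPLE_PHP = r"""
register_rest_route('demo/v1', '/config', array(
    'methods'             => 'POST',
    'callback'            => 'demo_save_config',
    'permission_callback' => '__return_true',
));
register_rest_route('demo/v1', '/orders', array(
    'callback'            => 'demo_list_orders',
    'permission_callback' => function () {
        return current_user_can('manage_woocommerce');
    },
));
register_rest_route('demo/v1', '/ping', array(
    'callback' => 'demo_ping',
));
"""

CALL = re.compile(r"register_rest_route\s*\(")
OPEN_CB = re.compile(r"""['"]permission_callback['"]\s*=>\s*['"]__return_true['"]""")
ANY_CB = re.compile(r"""['"]permission_callback['"]""")
ROUTE = re.compile(r"""\(\s*['"]([^'"]+)['"]\s*,\s*['"]([^'"]+)['"]""")


def call_text(src, start):
    """Return one register_rest_route(...) call by balancing parentheses.
    Parentheses inside string literals are assumed to be balanced."""
    depth = 0
    for i in range(src.index("(", start), len(src)):
        depth += {"(": 1, ")": -1}.get(src[i], 0)
        if depth == 0:
            return src[start:i + 1]
    return src[start:]  # unbalanced source: audit what is there


def audit_routes(src):
    """List (route, finding) pairs for routes with no effective permission check."""
    findings = []
    for m in CALL.finditer(src):
        call = call_text(src, m.start())
        r = ROUTE.search(call)
        route = r.group(1) + r.group(2) if r else "<dynamic>"
        if OPEN_CB.search(call):
            findings.append((route, "permission_callback is __return_true"))
        elif not ANY_CB.search(call):
            findings.append((route, "no permission_callback"))
    return findings
```

A flagged route is not automatically a bug, since some endpoints are meant to be public; the ones to review first are those whose callback writes to disk or changes state.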

Impact

Successful exploitation lets an attacker write files to the server without authorization, potentially leading to arbitrary file upload issues.

Remediation

Users are advised to update the Hippoo Mobile App for WooCommerce plugin to version 1.7.2 or a newer patched version.

Added: Dec 12, 2025, 7:24 AM
Updated: Dec 12, 2025, 7:24 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 8.1
remediation: 7.7
relevance: 1.3
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.