Easy Upload Files During Checkout WordPress Plugin Unauthenticated Arbitrary JavaScript File Upload Vulnerability

Vulnerability

A vulnerability exists in the Easy Upload Files During Checkout plugin for WordPress, allowing unauthenticated users to upload arbitrary JavaScript files. This issue arises from inadequate file type validation in the 'file_during_checkout' function, affecting all versions up to and including 2.9.8. The uploaded JavaScript could potentially be executed, leading to remote code execution on the server.

Impact

Exploitation of this vulnerability could result in unauthorized JavaScript file uploads, with the potential for remote code execution on the affected server.

Remediation

Users are advised to update the Easy Upload Files During Checkout plugin to version 2.9.9 or a newer patched version.
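A triage check for the remediation above, added here as an example (it is not part of the advisory or of the plugin's code): it reads the `Version:` header from a plugin's main PHP file, flags releases at or below 2.9.8, and lists JavaScript files in an upload directory for review. The plugin file path and the upload directory are assumptions supplied by the operator, since the advisory names neither; the sample header is constructed.

```python
import re
import sys
from pathlib import Path

FIXED = (2, 9, 9)        # first patched release named in the advisory
JS_EXT = {".js", ".mjs"}  # JavaScript file extensions to flag for review

# Constructed sample of a WordPress plugin header (not the real plugin file).
SAMPLE_HEADER = """<?php
/*
 * Plugin Name: Example Plugin (constructed sample)
 * Version: 2.9.8
 */
"""

def parse_version(text):
    """Return the header 'Version:' value as a tuple of ints, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)",
                  text, re.I | re.M)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_vulnerable(version):
    """Advisory: all versions up to and including 2.9.8 are affected."""
    # Pad short versions so that (2, 9) compares as 2.9.0.
    padded = version + (0,) * (len(FIXED) - len(version))
    return padded < FIXED

def find_script_uploads(upload_dir):
    """Return sorted relative paths of JavaScript files under upload_dir."""
    root = Path(upload_dir)
    return sorted(str(p.relative_to(root)) for p in root.rglob("*")
                  if p.is_file() and p.suffix.lower() in JS_EXT)

def triage(plugin_file, upload_dir):
    """Combine the version check and the upload sweep into one report."""
    version = parse_version(Path(plugin_file).read_text(errors="replace"))
    return {
        "version": version,
        # None means the header could not be read; check by hand.
        "vulnerable": None if version is None else is_vulnerable(version),
        "js_files": find_script_uploads(upload_dir),
    }

if __name__ == "__main__":
    # Usage: python triage.py <plugin main .php file> <upload directory>
    print(triage(sys.argv[1], sys.argv[2]))
```

A JavaScript file found by the sweep is a lead to review, not proof of compromise; compare its timestamp against order and access logs.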

Added: Nov 4, 2025, 2:35 PM
Updated: Nov 4, 2025, 3:50 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 8.1
remediation: 7.7
relevance: 0.9
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.