Abandoned Cart Pro for WooCommerce Authenticated Arbitrary File Upload Vulnerability

Vulnerability

A vulnerability allowing authenticated users to upload arbitrary files has been identified in the Abandoned Cart Pro for WooCommerce plugin, in versions through 9.16.0. This vulnerability arises from inadequate file type validation in the 'wcap_add_to_cart_popup_upload_files' function. An authenticated attacker with subscriber-level access or higher could exploit this vulnerability to upload files to the server, potentially leading to remote or local code execution, depending on the server's configuration.

Impact

Exploitation of this vulnerability could result in unauthorized file uploads; depending on the server's configuration, an uploaded file may then be executed as code on the server.

Remediation

Users are advised to update the Abandoned Cart Pro for WooCommerce plugin to version 9.17.0 or later.
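To illustrate the class of defect described above (inadequate file type validation in an authenticated upload handler), the following added example contrasts a weak WordPress upload handler with a hardened one built on core APIs. It is not the plugin's code; the function names `example_weak_upload` and `example_hardened_upload` and the JPEG/PNG allowlist are hypothetical.

```php
<?php
// Illustrative example, not Abandoned Cart Pro's code. Shows the weak pattern behind
// "inadequate file type validation" beside a hardened version using WordPress core APIs.

// WEAK: trusts the client-supplied MIME type and never checks the extension, so any
// authenticated user who can reach the handler can store an arbitrary file on disk.
function example_weak_upload( array $file ) {
    $allowed = array( 'image/jpeg', 'image/png' );
    // $file['type'] comes straight from the request body and is caller-controlled.
    if ( ! in_array( $file['type'], $allowed, true ) ) {
        return new WP_Error( 'bad_type', 'Disallowed file type.' );
    }
    $dest = wp_upload_dir()['basedir'] . '/' . basename( $file['name'] );
    move_uploaded_file( $file['tmp_name'], $dest ); // extension and content never verified
    return $dest;
}

// HARDENED: capability check, server-side verification of extension against the file's
// real content, then storage through wp_handle_upload() with an explicit allowlist.
function example_hardened_upload( array $file ) {
    if ( ! current_user_can( 'upload_files' ) ) { // subscriber-level users lack this capability
        return new WP_Error( 'forbidden', 'Insufficient permissions.' );
    }
    $allowed_mimes = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
    );
    // wp_check_filetype_and_ext() sniffs the content and compares it with the extension;
    // 'proper_filename' is set when the two disagree (e.g. a script renamed to .png).
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed_mimes );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) || ! empty( $check['proper_filename'] ) ) {
        return new WP_Error( 'bad_type', 'File type not allowed.' );
    }
    // wp_handle_upload() lives in wp-admin; load it explicitly for front-end/AJAX contexts.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    // Re-validates against the allowlist, sanitizes the filename and writes to the uploads
    // directory. 'test_form' => false because this request is not a standard form post.
    $result = wp_handle_upload( $file, array( 'test_form' => false, 'mimes' => $allowed_mimes ) );
    if ( isset( $result['error'] ) ) {
        return new WP_Error( 'upload_failed', $result['error'] );
    }
    return $result['file'];
}
```

Both functions expect the entry for one file from `$_FILES` and must run inside a loaded WordPress environment.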

Added: Jun 10, 2025, 4:19 AM
Updated: Jun 10, 2025, 4:19 AM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 7.5
exploitability: 5.4
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.