Description

The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Successful exploitation requires the PPOM Pro plugin to be installed along with a WooCommerce product that contains a file upload field to retrieve the correct nonce.

INFO

Published Date :

2024-04-26T08:29:20.259Z

Last Modified :

2026-04-08T16:52:06.464Z

Source :

Wordfence
AFFECTED PRODUCTS

The following products are affected by CVE-2024-3962 vulnerability.

Vendors Products
Themeisle
  • Product Addons \& Fields For Woocommerce

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact