CVE-2023-4821

EUVD-2023-54664
The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA-ADPADP
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Affected Products (NVD)
VendorProductVersion
codedropzdrag_and_drop_multiple_file_uploader
𝑥
< 1.1.1
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/3ac0853b-03f7-44b9-aa9b-72df3e01a9b5
https://wpscan.com/vulnerability/3ac0853b-03f7-44b9-aa9b-72df3e01a9b5