CVE-2023-4821

The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
WPScanCNA
---
---
CVEADP
---
---
CISA-ADPADP
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
VendorProductVersion
codedropzdrag_and_drop_multiple_file_uploader
𝑥
< 1.1.1
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/3ac0853b-03f7-44b9-aa9b-72df3e01a9b5
https://wpscan.com/vulnerability/3ac0853b-03f7-44b9-aa9b-72df3e01a9b5