CVE-2023-33318: WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.40 is vulnerable to Arbitrary File Upload
First published: Wed Dec 20 2023(Updated: )
Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.40.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Woocommerce Automatewoo | <=4.9.40 |
Remedy
Update to 4.9.50 or a higher version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-33318?
The severity of CVE-2023-33318 is rated as high due to the unrestricted file upload vulnerability.
How do I fix CVE-2023-33318?
To fix CVE-2023-33318, update WooCommerce AutomateWoo to version 4.9.41 or later.
Which versions of WooCommerce AutomateWoo are affected by CVE-2023-33318?
CVE-2023-33318 affects WooCommerce AutomateWoo versions up to and including 4.9.40.
What are the risks associated with CVE-2023-33318?
The risks include potential remote code execution and unauthorized access to sensitive files.
Is there a workaround for CVE-2023-33318 if I cannot update?
As a temporary workaround for CVE-2023-33318, disable file upload functionalities in AutomateWoo until an update can be applied.
- collector/mitre-cve
- collector/nvd-api
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/event
- agent/weakness
- agent/title
- agent/description
- agent/type
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- vendor/woocommerce
- canonical/woocommerce automatewoo
- version/woocommerce automatewoo/4.9.40