CVE-2024-13622: File Uploads Addon for WooCommerce <= 1.7.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
First published: Tue Feb 18 2025(Updated: )
The File Uploads Addon for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which can contain file attachments uploaded by customers.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WooCommerce File Uploads Addon | <=1.7.1 | |
| WooCommerce File Uploads Addon | <=1.7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.wordfence.com/threat-intel/vulnerabilities/id/9f86bb77-7194-4a8d-b862-6f04d850017b?source=cve
- https://plugins.trac.wordpress.org/browser/woo-addon-uploads/trunk/woocommerce-addon-uploads.php#L80
- https://plugins.trac.wordpress.org/browser/woo-addon-uploads/trunk/includes/class-wau-front-end.php#L81
Frequently Asked Questions
What is the severity of CVE-2024-13622?
The severity of CVE-2024-13622 is considered critical due to the potential for unauthenticated attackers to access sensitive information.
How do I fix CVE-2024-13622?
To fix CVE-2024-13622, update the File Uploads Addon for WooCommerce plugin to version 1.7.2 or later.
What versions are affected by CVE-2024-13622?
CVE-2024-13622 affects all versions of the File Uploads Addon for WooCommerce up to and including version 1.7.1.
What type of vulnerability is CVE-2024-13622?
CVE-2024-13622 is a vulnerability that leads to sensitive information exposure due to improper security in the uploads directory.
Who can exploit CVE-2024-13622?
CVE-2024-13622 can be exploited by unauthenticated attackers, making it particularly risky for installations of the affected plugin.
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/author
- agent/source
- agent/severity
- agent/event
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/woocommerce
- canonical/woocommerce file uploads addon
- vendor/imaginate-solutions
- version/woocommerce file uploads addon/1.7.1