WordPress Plugin Checkout Field Editor for WooCommerce (Pro) Arbitrary File Deletion (3.6.2) - Vulnerability Database

WordPress Plugin Checkout Field Editor for WooCommerce (Pro) Arbitrary File Deletion (3.6.2)

Description

WordPress Plugin Checkout Field Editor for WooCommerce (Pro) is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to delete arbitrary files in the context of the webserver process. WordPress Plugin Checkout Field Editor for WooCommerce (Pro) version 3.6.2 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.6.3 or latest

References

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-checkout-field-editor-pro/checkout-field-editor-for-woocommerce-pro-362-unauthenticated-arbitrary-file-deletion

https://www.themehigh.com/changelog/?view=12

Related Vulnerabilities

Severity

High

Classification

CVE-2024-35658

CWE-73

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N