Description

WordPress Plugin Checkout Field Editor for WooCommerce (Pro) is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to delete arbitrary files in the context of the webserver process. WordPress Plugin Checkout Field Editor for WooCommerce (Pro) version 3.6.2 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.6.3 or latest

References

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-checkout-field-editor-pro/checkout-field-editor-for-woocommerce-pro-362-unauthenticated-arbitrary-file-deletion

https://www.themehigh.com/changelog/?view=12

Related Vulnerabilities

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-1413)

WordPress Plugin WooCommerce Privilege Escalation (3.5.0)

WordPress Plugin Newsletter by Supsystic Cross-Site Scripting (1.1.7)

Joomla CVE-2006-4472 Vulnerability (CVE-2006-4472)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1000398)

Severity

High

Classification

CVE-2024-35658 CWE-73 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update