Description

WordPress Plugin Checkout Field Editor for WooCommerce (Pro) is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to delete arbitrary files in the context of the webserver process. WordPress Plugin Checkout Field Editor for WooCommerce (Pro) version 3.6.2 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.6.3 or latest

References

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-checkout-field-editor-pro/checkout-field-editor-for-woocommerce-pro-362-unauthenticated-arbitrary-file-deletion

https://www.themehigh.com/changelog/?view=12

Related Vulnerabilities

Moodle Improper Input Validation Vulnerability (CVE-2012-0801)

WordPress Plugin wpShopGermany Free Arbitrary File Upload (4.0.10)

Squid Out-of-bounds Write Vulnerability (CVE-2019-12521)

Lighttpd Integer Overflow or Wraparound Vulnerability (CVE-2019-11072)

Envoy Proxy Uncontrolled Resource Consumption Vulnerability (CVE-2020-8663)

Severity

High

Classification

CVE-2024-35658 CWE-73 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update