Unrated severityNVD Advisory· Published Jan 8, 2024· Updated Jun 18, 2025
Ni Purchase Order(PO) For WooCommerce <= 1.2.1 - Admin+ File Upload to Remote Code Execution
CVE-2023-5957
Description
The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Ni Purchase Order(PO) For WooCommerce plugindescription
- Range: <=1.2.1
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/70f823ff-64ad-4f05-9eb3-b69b3b79dc12mitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.