VYPR

File Uploader For Woocommerce

by WordPress

Source repositories

CVEs (2)

  • CVE-2025-13329CriDec 20, 2025
    risk 0.57cvss 9.8epss 0.01

    The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for the 'add-image-data' REST API endpoint in all versions up to, and including, 1.0.3. This makes it possible for…

  • CVE-2026-25397HigMar 25, 2026
    risk 0.49cvss 7.5epss 0.00

    Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal.This issue affects File Uploader for WooCommerce: from n/a through <= 1.0.4.