Vulnerability Details CVE-2024-3962
The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Successful exploitation requires the PPOM Pro plugin to be installed along with a WooCommerce product that contains a file upload field to retrieve the correct nonce.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.08
EPSS Ranking 91.7%
CVSS Severity
CVSS v3 Score 9.8
References
- https://plugins.trac.wordpress.org/changeset/3075669/woocommerce-product-addon
- https://themeisle.com/plugins/ppom-pro/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4f95bcc3-354e-4016-9a17-945569b076b6?source=cve
- https://plugins.trac.wordpress.org/changeset/3075669/woocommerce-product-addon
- https://themeisle.com/plugins/ppom-pro/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4f95bcc3-354e-4016-9a17-945569b076b6?source=cve
Products affected by CVE-2024-3962
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:-
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:1.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:10.10
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:10.6
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:10.7
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:10.8
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:10.9
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:11.0
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:11.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:11.2
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:11.3
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:11.4
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:11.5
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:11.5.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:11.6
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:11.7
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:11.8
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:11.9
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:12.0
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:12.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:12.2
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:12.3
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:12.4
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:12.5
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:12.6
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:12.7
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:12.8
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:12.9
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:12.9.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:13.0
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:13.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:13.2
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:13.3
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:13.4
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:13.5
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:13.6
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:13.6.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:13.7
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:14.0
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:14.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:14.1.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:14.2
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:14.2.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:14.3
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:15.0
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:15.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:15.2
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:15.3
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:15.4
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:15.4.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:15.5
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:16.0
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:16.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:16.3
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:16.4
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:16.5
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:16.6
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:16.7
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:16.8
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:16.8.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:16.9
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:17.0
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:17.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:17.2
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:17.3
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:17.4
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:17.5
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:18.0
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:18.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:18.2
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:18.3
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:18.4
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:18.5
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:18.6
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:18.8
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:18.9
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:19.0
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:2.5
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:2.6
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:2.7
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:2.8
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:2.9
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:20.0
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:20.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:20.2
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:20.3
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:20.4.3
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:20.5
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:21.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:22.8.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:23.4
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:23.5
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:23.6
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:23.7
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:23.8
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:23.9
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:24.0
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:24.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:24.2
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:24.3
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:24.4
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:24.5
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:24.6
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:24.7
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:24.8
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:24.9
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:3.0
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:3.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:3.2
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:3.3
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:3.4
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:3.5
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:3.6
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:30.0
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:30.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:30.1.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:30.1.2
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:30.1.3
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:30.1.4
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:31.0.0
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:31.0.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:32.0.0
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:32.0.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:32.0.10
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:32.0.11
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:32.0.12
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:32.0.13
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:32.0.14
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:32.0.15
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:32.0.16
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:32.0.17
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:32.0.18
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:32.0.2
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:32.0.3
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:32.0.4
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:32.0.5
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:32.0.6
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:32.0.7
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:32.0.8
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:32.0.9
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:4.0
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:4.1
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:4.2
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:4.3
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:4.4
-
cpe:2.3:a:themeisle:product_addons_&_fields_for_woocommerce:4.5