Vanquish Woocommerce Upload Files — known CVE vulnerabilities
Every CVE whose affected-product data names Vanquish Woocommerce Upload Files, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2021-24171 — CVSS 9.8 (critical): The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was…
CVE-2024-10820 — CVSS 9.8 (critical): The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the…