Text only | Text with Images

WordPress Community Forum

WordPress Support => WordPress Vulnerability => Topic started by: Kailash on Jun 07, 2022, 07:48 AM

Title: WordPress Product Configurator for WooCommerce plugin Vulnerability
Post by: Kailash on Jun 07, 2022, 07:48 AM
WordPress Product Configurator for WooCommerce plugin Vulnerability

Plugin name: Product Configurator for WooCommerce
Vulnerable versions: <= 1.2.31
Fixed in: 1.2.32
CVE ID: CVE-2022-1953
Classification: Other Vulnerability Type
Publicly disclosed: 2022-06-06

Vulnerability Details

Unauthenticated Arbitrary File Deletion vulnerability discovered by cydave in WordPress Product Configurator for WooCommerce plugin (versions <= 1.2.31).

Solution

Update the WordPress Product Configurator for WooCommerce plugin to the latest available version (at least 1.2.32).

Plugin Link: https://wordpress.org/plugins/product-configurator-for-woocommerce/
Text only | Text with Images