CVE-2025-11391
BaseFortify
Publication date: 2025-10-18
Last updated on: 2025-10-21
Assigner: Wordfence
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| woocommerce | product_addons | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized file uploads by attackers, which may lead to remote code execution on the server hosting the WordPress site. This can compromise the entire site, allowing attackers to execute arbitrary commands, steal data, deface the website, or use the server for malicious activities.
Can you explain this vulnerability to me?
The vulnerability in the PPOM – Product Addons & Custom Fields for WooCommerce plugin allows unauthenticated attackers to upload arbitrary files to the affected WordPress site due to missing file type validation in the image cropper functionality. This flaw exists in all versions up to and including 33.0.15 and affects users with the paid version activated. The lack of proper validation means attackers can upload malicious files, potentially leading to remote code execution on the server. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking if the affected WooCommerce Product Addons & Custom Fields for WooCommerce plugin version is up to and including 33.0.15 with the paid version installed and activated. Since the vulnerability allows unauthenticated arbitrary file uploads via the image cropper functionality, monitoring HTTP requests for suspicious file upload attempts to the plugin's endpoints related to cropped image saving (e.g., POST requests containing cropped image data) can help detect exploitation attempts. There are no specific commands provided in the resources, but you can use web server logs or intrusion detection systems to look for unusual POST requests to URLs related to the plugin's image cropper. Additionally, scanning the plugin version installed on your WordPress site can be done via WP-CLI with a command like `wp plugin get woocommerce-product-addon --field=version` to verify if the version is vulnerable. [1]
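A small detection helper for the two checks described above: a numeric comparison of the installed plugin version against the fixed release 33.0.16, and a sweep of web server access-log lines for POST requests under the plugin's directory. This is an added example, not BaseFortify's or the plugin's code; the log lines are constructed, and the cropper endpoint path is a placeholder because the page does not name the real one.

```python
import re

# Range stated on the page: every release up to and including 33.0.15 is
# affected; 33.0.16 is the first fixed release.
FIXED_VERSION = (33, 0, 16)
PLUGIN_SLUG = "woocommerce-product-addon"  # slug used by the WP-CLI check above

def parse_version(version: str) -> tuple:
    """Turn '33.0.15' into (33, 0, 15) so comparison is numeric, not lexical.
    A plain string compare gets this wrong: '33.0.9' > '33.0.15' as text."""
    parts = re.findall(r"\d+", version)
    return tuple(int(p) for p in parts) if parts else ()

def is_vulnerable_version(version: str) -> bool:
    """True when the installed version sorts below the fixed release."""
    v = parse_version(version)
    return bool(v) and v < FIXED_VERSION

# Apache/nginx combined log format: client, ident, user, [time], "METHOD PATH PROTO", status, bytes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def flag_plugin_posts(log_lines):
    """Return (client_ip, path) for POST requests that hit this plugin's files.
    The page does not name the cropper endpoint, so this is a deliberately broad
    heuristic (assumption): any POST under the plugin's directory is worth review."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or non-combined-format lines
        if m.group("method") == "POST" and PLUGIN_SLUG in m.group("path"):
            hits.append((m.group("ip"), m.group("path")))
    return hits

# Constructed sample lines (not real traffic); the cropper path is a placeholder.
SAMPLE_LOG = [
    '203.0.113.5 - - [18/Oct/2025:10:01:02 +0000] "GET /wp-content/plugins/woocommerce-product-addon/js/ppom.js HTTP/1.1" 200 5120',
    '203.0.113.5 - - [18/Oct/2025:10:01:09 +0000] "POST /wp-content/plugins/woocommerce-product-addon/PLACEHOLDER-cropper-endpoint.php HTTP/1.1" 200 312',
    '198.51.100.7 - - [18/Oct/2025:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    print("33.0.15 vulnerable:", is_vulnerable_version("33.0.15"))  # True
    for ip, path in flag_plugin_posts(SAMPLE_LOG):
        print("review:", ip, path)
```

Feed `flag_plugin_posts` the output of `wp plugin get woocommerce-product-addon --field=version` only for the version check; the log sweep is a triage filter, not proof of compromise.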
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the WooCommerce Product Addons & Custom Fields for WooCommerce plugin to version 33.0.16 or later, where the vulnerability has been fixed by adding proper file type validation and sanitization in the image cropper functionality and securing SQL queries with prepared statements. If updating immediately is not possible, disabling or deactivating the paid version of the plugin can prevent exploitation since the vulnerability affects only paid users. Additionally, monitoring and restricting file upload endpoints and applying Web Application Firewall (WAF) rules to block unauthorized file uploads can help mitigate risk. [1, 2]