CVE-2025-12500
Unauthenticated File Upload Vulnerability in WooCommerce Checkout Manager
Publication date: 2026-02-19
Last updated on: 2026-02-19
Assigner: Wordfence
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordfence | woocommerce_checkout_manager | to 7.8.1 (inc) |
| wordfence | woocommerce_checkout_manager | 7.8.2 |
| wordfence | woocommerce_checkout_manager | 7.8.0 |
| woocommerce | checkout_field_manager | to 7.8.1 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the WooCommerce Checkout Manager plugin for WordPress (up to version 7.8.1) allows unauthenticated attackers to upload files to the server via the "ajax_checkout_attachment_upload" function. This happens because the plugin does not properly verify if the user is authorized to perform file uploads. Although the uploaded file types are limited to WordPress's default allowed MIME types (such as images and documents), unauthorized users can still upload files without logging in or having proper permissions.
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to upload files to your server without authentication. Even though the file types are limited, this can still lead to potential abuse such as storage of malicious files, exploitation of server resources, or use as a foothold for further attacks. It may also lead to unauthorized modification or addition of content related to WooCommerce orders.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying unauthorized or unauthenticated file upload attempts targeting the WooCommerce Checkout Manager plugin's AJAX endpoint "ajax_checkout_attachment_upload".
You can monitor web server logs for POST requests to the AJAX handler URL related to file uploads without proper authentication or nonce verification.
Example commands to detect suspicious activity include:
- Using grep to find POST requests to the vulnerable AJAX endpoint in Apache or Nginx logs: grep -i 'POST.*ajax_checkout_attachment_upload' /var/log/apache2/access.log
- Checking for requests missing valid nonce parameters or from unauthenticated IPs.
- Using WordPress debug or audit logs (if enabled) to identify unauthorized file upload attempts.
Additionally, scanning for the plugin version installed (versions up to 7.8.1 are vulnerable) can help confirm exposure. [2]
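An added example, not part of the original page or the plugin's code: a Python version of the grep check above that parses combined-format access log lines, keeps only POST requests whose URL names the handler, and summarizes them per client IP with the number that received a 2xx response. The sample log lines and the `admin-ajax.php?action=...` URL shape are constructed assumptions; access logs do not record POST bodies, so a request that carries the handler name only in its body is not visible to this check or to grep.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Name of the upload handler as given in the advisory text.
HANDLER = "ajax_checkout_attachment_upload"

# Apache/Nginx "combined" format: ip ident user [time] "METHOD uri proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges); the URL shape is an assumption.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Feb/2026:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=ajax_checkout_attachment_upload HTTP/1.1" 200 87 "-" "curl/8.5.0"
203.0.113.7 - - [19/Feb/2026:10:01:03 +0000] "POST /wp-admin/admin-ajax.php?action=AJAX_checkout_attachment%5Fupload HTTP/1.1" 200 87 "-" "curl/8.5.0"
198.51.100.20 - - [19/Feb/2026:10:02:00 +0000] "GET /checkout/?ref=ajax_checkout_attachment_upload HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [19/Feb/2026:10:02:05 +0000] "POST /wp-admin/admin-ajax.php?action=ajax_checkout_attachment_upload HTTP/1.1" 403 12 "-" "Mozilla/5.0"
192.0.2.44 - - [19/Feb/2026:10:03:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 40 "-" "Mozilla/5.0"
"""

def find_upload_posts(log_text):
    """Return {ip: {"count", "accepted", "first_seen"}} for POSTs whose URL names HANDLER."""
    hits = defaultdict(lambda: {"count": 0, "accepted": 0, "first_seen": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparseable line, or not an upload attempt
        # Decode percent-escapes; fold case the same way the page's grep -i does.
        if HANDLER not in unquote(m["uri"]).lower():
            continue
        entry = hits[m["ip"]]
        entry["count"] += 1
        entry["accepted"] += int(m["status"].startswith("2"))  # 2xx = server accepted it
        entry["first_seen"] = entry["first_seen"] or m["time"]
    return dict(hits)

if __name__ == "__main__":
    for ip, info in sorted(find_upload_posts(SAMPLE_LOG).items()):
        print(f'{ip}  posts={info["count"]}  2xx={info["accepted"]}  first={info["first_seen"]}')
```

Any 2xx count from a client that never logged in is worth correlating with new files in the uploads directory for the same time window.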
What immediate steps should I take to mitigate this vulnerability?
The primary immediate mitigation step is to update the WooCommerce Checkout Manager plugin to version 7.8.2 or later, where the vulnerability is fixed.
Version 7.8.2 includes multiple security enhancements such as:
- Strict authorization checks on file uploads, including nonce verification and user/session validation.
- Limiting the number of files per upload to prevent abuse.
- Removal of unauthenticated file deletion capabilities.
- Authorization checks on file deletion ensuring only authenticated and authorized users can delete attachments.
If an immediate update is not possible, consider temporarily disabling the file upload feature or restricting access to the AJAX endpoints via web server or firewall rules to prevent unauthenticated access.