CVE-2026-27540
Unrestricted File Upload Vulnerability in Woocommerce Wholesale Lead Capture
Publication date: 2026-03-19
Last updated on: 2026-04-29
Assigner: Patchstack
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rymera_web_co | woocommerce_wholesale_lead_capture | From 2.0.0 (inc) to 2.0.3.1 (inc) |
| rymera_web_co | woocommerce_wholesale_lead_capture | 2.0.3.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-27540 is a high-priority arbitrary file upload vulnerability in the WordPress WooCommerce Wholesale Lead Capture Plugin versions up to 2.0.3.1.
This flaw allows unauthenticated attackers to upload arbitrary files, including malicious backdoors, which can then be executed to gain unauthorized access and control over affected websites.
The vulnerability is classified under the OWASP Top 10 category A3: Injection and requires no privileges to exploit, making it particularly dangerous.
How can this vulnerability impact me?
This vulnerability can have severe impacts as it allows attackers to upload and execute malicious files on your website without any authentication.
Successful exploitation can lead to unauthorized access and control over your website, potentially resulting in data breaches, defacement, or further attacks on your infrastructure.
Because the vulnerability requires no privileges to exploit, it poses a high risk to all users of the affected plugin versions.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability allows unauthenticated attackers to upload arbitrary files, including malicious backdoors, to affected websites. Detection can involve monitoring for unusual file uploads or the presence of unexpected files in the WooCommerce Wholesale Lead Capture plugin directories.
While specific commands are not provided in the resources, general detection methods include scanning the web server directories for recently added or modified files that are not expected, especially executable scripts or files with dangerous extensions.
- Use a command like `find /path/to/wordpress/wp-content/plugins/woocommerce-wholesale-lead-capture/ -type f -mtime -7` to find files modified or added in the last 7 days.
- Check web server logs for suspicious POST requests to upload endpoints related to the plugin.
- Use malware scanning tools such as `clamscan` or `maldet` to detect malicious files on the server. [1]
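The checks above, combined into one POSIX shell triage script as an added example (not code from Patchstack or the plugin vendor): it reads the installed plugin version, compares it against the 2.0.3.2 fix version named in this record, and sweeps the uploads and plugin directories for recently changed PHP files. The WordPress root path, the plugin main-file name `woocommerce-wholesale-lead-capture.php` and the 7-day window are assumptions.

```shell
#!/bin/sh
# Triage helper for CVE-2026-27540 (added example; not vendor or Patchstack code).
# Assumptions: WordPress root in WP_ROOT; the plugin main-file name is a guess.
WP_ROOT="${WP_ROOT:-/var/www/html}"
PLUGIN_DIR="$WP_ROOT/wp-content/plugins/woocommerce-wholesale-lead-capture"
PLUGIN_MAIN="$PLUGIN_DIR/woocommerce-wholesale-lead-capture.php"   # assumed filename
FIXED_VERSION="2.0.3.2"   # first patched release named in the advisory

# version_lt A B: succeed (exit 0) when dotted version A is strictly lower than B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, pa, "."); nb = split(b, pb, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? pa[i] + 0 : 0
            y = (i <= nb) ? pb[i] + 0 : 0
            if (x < y) exit 0
            if (x > y) exit 1
        }
        exit 1   # equal versions are not lower
    }'
}

# plugin_version FILE: print the Version: value from a WordPress plugin header.
plugin_version() {
    sed -n 's/^[[:space:]]*\*\{0,1\}[[:space:]]*Version:[[:space:]]*\([0-9.]*\).*/\1/p' "$1" | head -n 1
}

# recent_scripts DIR DAYS: list files changed in the last DAYS days whose extension
# a PHP web server may execute (the upload-then-execute path CWE-434 describes).
recent_scripts() {
    find "$1" -type f -mtime "-$2" \
        \( -name '*.php' -o -name '*.phtml' -o -name '*.phar' -o -name '*.php[0-9]' \) -print
}

main() {
    if [ -f "$PLUGIN_MAIN" ]; then
        v=$(plugin_version "$PLUGIN_MAIN")
        if version_lt "$v" "$FIXED_VERSION"; then
            echo "VULNERABLE: plugin version $v is below $FIXED_VERSION; update the plugin"
        else
            echo "patched: plugin version $v"
        fi
    fi
    echo "recently changed scripts (review each; uploads should never contain PHP):"
    recent_scripts "$WP_ROOT/wp-content/uploads" 7
    recent_scripts "$PLUGIN_DIR" 7
}

if [ -d "$WP_ROOT/wp-content" ]; then main; fi   # run only where a WordPress tree exists
```

Run it as `WP_ROOT=/path/to/wordpress sh triage.sh`; any PHP file listed under `wp-content/uploads` deserves immediate review, since that directory should hold only media.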
What immediate steps should I take to mitigate this vulnerability?
The most immediate and effective mitigation step is to update the WooCommerce Wholesale Lead Capture plugin to version 2.0.3.2 or later, where the vulnerability is patched.
Until the update can be applied, users can implement the mitigation rule provided by Patchstack to block attacks targeting this vulnerability.
Additionally, enabling automatic mitigation and auto-update features offered by Patchstack can enhance protection against exploitation.
It is also advisable to review and restrict file upload permissions and monitor for suspicious activity on the affected systems.