CVE-2026-28114
Unrestricted File Upload in WooCommerce License Manager Enables Remote Code Execution
Publication date: 2026-03-05
Last updated on: 2026-03-05
Assigner: Patchstack
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| firassaidi | woocommerce_license_manager | up to 7.0.6 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-28114 is an Arbitrary File Upload vulnerability in the WooCommerce License Manager WordPress plugin (versions up to 7.0.6). It allows an attacker with shop manager or developer privileges to upload any type of file to the affected website, including dangerous files like web shells.
This means a malicious user can upload backdoors or other harmful scripts that can be executed on the web server, potentially leading to further unauthorized access or control over the website.
The vulnerability falls under the OWASP Top 10 category A3: Injection and is considered moderately dangerous with a CVSS score of 9.1.
How can this vulnerability impact me?
This vulnerability can have serious impacts including unauthorized access to your web server by allowing attackers to upload and execute malicious files such as web shells.
Once exploited, attackers can gain control over the website, potentially leading to data theft, website defacement, or using the server as a launchpad for further attacks.
Because the vulnerability requires only shop manager or developer privileges, it can be exploited by insiders or compromised accounts, increasing the risk.
Prompt patching to version 7.0.7 or later is critical to mitigate this risk.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability allows arbitrary file uploads, including web shells, to the affected WooCommerce License Manager plugin. Detection can involve scanning the web server for suspicious uploaded files or monitoring for unusual file upload activity.
Specific commands are not provided in the available resources, but common approaches include searching the web server directories for recently uploaded files with suspicious extensions or content, and checking web server logs for unusual POST requests to the plugin's upload endpoints.
- Use commands like `find /path/to/wordpress/wp-content/uploads/ -type f -mtime -7` to locate recently uploaded files.
- Use `grep -r "<?php" /path/to/wordpress/wp-content/uploads/` to find files containing PHP code that could indicate a web shell.
- Review web server access logs for suspicious POST requests targeting the WooCommerce License Manager plugin upload endpoints. [1]
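The two checks above combined into one triage script, as an added example that is not part of this advisory and not code from the plugin or from Patchstack. It builds a constructed sample uploads tree and a constructed access-log excerpt so it runs offline; the plugin directory name and upload endpoint are placeholders (the page does not name them) and must be replaced with the real paths on the host being checked. Unlike the plain `grep -r "<?php"` above, it restricts the content scan to files modified in the last 7 days and strips the uploads root from the output, and it counts POST requests to the plugin path in a combined-format log.

```shell
#!/bin/sh
# Added example (not from the advisory or the plugin): defender-side triage for
# a CWE-434 upload. Builds CONSTRUCTED sample data, then applies two checks:
#   1. recently modified files under uploads/ that contain a PHP open tag
#   2. POST requests against the plugin's path in an access log
# ASSUMED placeholder: replace with the real plugin directory on your site.
PLUGIN_PATTERN="wp-content/plugins/PLUGIN-DIR-PLACEHOLDER/"

# Constructed uploads tree: one benign image, one fresh image-named file that
# carries a PHP open tag, and one PHP file dated year 2000 (outside the window).
make_sample_uploads() {
    dir=$(mktemp -d)
    mkdir -p "$dir/2026/03"
    printf 'GIF89a\0' > "$dir/2026/03/banner.gif"
    printf 'GIF89a<?php echo "constructed sample"; ?>' > "$dir/2026/03/logo.gif"
    printf '<?php // constructed old file\n' > "$dir/2026/03/old.php"
    touch -t 200001010000 "$dir/2026/03/old.php"
    printf '%s' "$dir"
}

# Constructed combined-format access log: two POSTs to the placeholder plugin
# path, one POST to admin-ajax.php, one GET. IPs are documentation ranges.
make_sample_log() {
    logfile=$(mktemp)
    cat > "$logfile" <<EOF
203.0.113.10 - - [05/Mar/2026:10:00:01 +0000] "GET /shop/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.10 - - [05/Mar/2026:10:00:09 +0000] "POST /${PLUGIN_PATTERN}UPLOAD-ENDPOINT-PLACEHOLDER HTTP/1.1" 200 88 "-" "Mozilla/5.0"
203.0.113.10 - - [05/Mar/2026:10:00:15 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 42 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Mar/2026:10:01:30 +0000] "POST /${PLUGIN_PATTERN}UPLOAD-ENDPOINT-PLACEHOLDER HTTP/1.1" 200 88 "-" "curl/8.0"
EOF
    printf '%s' "$logfile"
}

# Check 1: files modified within 7 days whose content has a PHP open tag,
# regardless of extension (web shells are often stored as .gif/.jpg).
# Prints matching paths relative to the uploads root, one per line.
find_recent_php() {
    root="$1"
    find "$root" -type f -mtime -7 -exec grep -l '<?php' {} \; | sed "s|^$root/||"
}

# Check 2: number of POST requests whose path starts with the plugin path.
count_plugin_posts() {
    grep -c "\"POST [^\"]*$PLUGIN_PATTERN" "$1" || true
}

# Run both checks against the constructed samples and clean up.
uploads=$(make_sample_uploads)
accesslog=$(make_sample_log)
echo "Recently modified files containing PHP tags:"
find_recent_php "$uploads"
echo "POST requests to the plugin path: $(count_plugin_posts "$accesslog")"
rm -rf "$uploads" "$accesslog"
```

On a real host, point `find_recent_php` at the site's `wp-content/uploads/` directory and `count_plugin_posts` at the web server's access log; a non-empty list from the first check or unexpected POST activity from accounts that should not be uploading files is the signal to investigate further.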
What immediate steps should I take to mitigate this vulnerability?
The primary immediate mitigation step is to update the WooCommerce License Manager plugin to version 7.0.7 or later, where the vulnerability has been patched.
Until the update can be applied, enabling mitigation rules provided by Patchstack that block attacks targeting this vulnerability is recommended.
Additionally, enabling auto-updates for vulnerable plugins can help ensure rapid protection against exploitation.