CVE-2026-57710
Received Received - Intake

Unrestricted File Upload in WoowBot Pro Max

Vulnerability report for CVE-2026-57710, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: Patchstack

Description

Unrestricted Upload of File with Dangerous Type vulnerability in quantumcloud WoowBot Pro Max woowbot-pro-max allows Using Malicious Files.This issue affects WoowBot Pro Max: from n/a through <= 14.1.7.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
quantumcloud woowbot_pro_max to 14.1.7 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The WordPress WoowBot Pro Max Plugin, specifically versions 14.1.7 and earlier, contains an Arbitrary File Upload vulnerability. This flaw allows attackers to upload malicious files, including backdoors, to a website without restriction. Exploiting this vulnerability can give attackers unauthorized access to the affected website.

Impact Analysis

This vulnerability can have severe impacts, including unauthorized access to your website by attackers who upload malicious files. Such access can lead to data breaches, website defacement, or the site being used to launch further attacks. The high CVSS score of 9.9 reflects the critical risk and potential for widespread exploitation.

Detection Guidance

This vulnerability involves an arbitrary file upload issue in the WoowBot Pro Max WordPress plugin, allowing attackers to upload malicious files such as backdoors.

To detect exploitation attempts on your system or network, you should monitor for unusual file uploads, especially files with suspicious extensions or unexpected locations within your WordPress installation.

While specific commands are not provided in the available resources, general detection steps include:

  • Checking web server logs for POST requests to the WoowBot Pro Max plugin upload endpoints.
  • Using commands like 'grep' to search for suspicious file upload activity, for example: grep -i 'upload' /var/log/apache2/access.log
  • Scanning the WordPress uploads directory for recently added or modified files with unusual extensions or names.
  • Using file integrity monitoring tools to detect unexpected changes in plugin directories.
Mitigation Strategies

The primary immediate mitigation step is to update the WoowBot Pro Max plugin to version 14.1.8 or later, where this vulnerability is fixed.

If updating is not immediately possible, it is recommended to apply the mitigation rule provided by Patchstack to block attacks targeting this vulnerability.

Additionally, users should seek assistance from their hosting provider or web developer to implement temporary protections.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57710. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart