Approved changes feed: RSS · Atom

cpe:2.3:a:fahadmahmood:easy_upload_files_during_checkout:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorFahadmahmood (598523eb-f5ef-5682-b133-d9190b3254ad)
ProductEasy Upload Files During Checkout (37934921-e084-53e1-baab-c1b3ca44c0dd)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-12682 vulnerable 2026-06-08 07:04:30.640910 Easy Upload Files During Checkout <= 2.9.8 - Unauthenticated Arbitrary JavaScript File Upload
CRITICAL (9.8)
The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'file_during_checkout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload arbitrary JavaScript files on the affected site's server which may make remote code execution possible.
Published: 2025-11-04T13:47:35.380Z
Updated: 2026-04-08T16:58:46.542Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.