Vulnerabilities > Directsoftware

DATE CVE VULNERABILITY TITLE RISK
2024-10-12 CVE-2024-9756 Missing Authorization vulnerability in Directsoftware Order Attachments for Woocommerce
The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoa_add_attachment AJAX action in versions 2.0 to 2.4.1.
network
low complexity
directsoftware CWE-862
4.3
4.3