Vulnerabilities > Vanquish

DATE CVE VULNERABILITY TITLE RISK
2024-11-13 CVE-2024-10820 Unspecified vulnerability in Vanquish Woocommerce Upload Files
The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3.
network
low complexity
vanquish
critical
9.8
2021-04-05 CVE-2021-24171 Unrestricted Upload of File with Dangerous Type vulnerability in Vanquish Woocommerce Upload Files
The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php.
network
low complexity
vanquish CWE-434
critical
9.8