Vulnerabilities > Woocommerce > Help Scout > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-04-05 CVE-2021-24212 Unrestricted Upload of File with Dangerous Type vulnerability in Woocommerce Help Scout
The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp.
network
low complexity
woocommerce CWE-434
critical
9.8