CVE-2025-4403

Published May 9th, 2025

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

N/A

Affected

PROJECT

Description

The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.1.6 due to accepting a user‐supplied supported_type string and the uploaded filename without enforcing real extension or MIME checks within the upload() function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Drag and Drop Multiple File Upload for WooCommerce

Drag and Drop Multiple File Uploader is a simple, straightforward WordPress plugin extension for WooCommerce that transforms your standard upload interface into a visually appealing file uploader. it allows users to upload multiple files using either the drag-and-drop feature or the common file browsing option on your product page. Plugin requires at least v3.5.0 of WooCommerce. Here’s a little <a href="https://woo-commerce.codedropz.com/product/cap/" rel="nofollow ugc">DEMO</a>. <h3>Features</h3> <ul> <li>File Type Validation</li> <li>File Size Validation</li> <li>Ajax Uploader</li> <li>Limit number of files Upload.</li> <li>Limit files size for each field</li> <li>Can specify custom file types or extension</li> <li>Manage Text and Error message in admin settings</li> <li>Drag & Drop or Browse File – Multiple Upload</li> <li>Display Uploader in WooCommerce – Single Product Page</li> <li>Option to display in “Add to Cart Form”, “Variations Form”, “Add To Cart Button”, “Single Variation”.</li> <li>Able to delete uploaded file before adding to cart</li> <li>Support multiple languages</li> <li>Mobile Responsive</li> <li>Compatible with any browser</li> </ul> <h3>⭐ Premium Features</h3> <ol> <li>Upload Large File – Supports uploading large files.</li> <li>Image Preview – Displays thumbnails for images.</li> <li>Text & Style – Color options, borders, uploader icon, and more.</li> <li>Parallel Upload – Limit simultaneous uploads to optimize server performance.</li> <li>Custom Filename – Define custom filename patterns: (Filename, Username, User ID, IP Address, Random, etc)</li> <li>Change Upload Directory – Customize the default WordPress upload directory.</li> <li>Upload Folder – 📂 Choose a custom folder to store files: ✅ Order No – Customer Order Number ✅ Random – Auto-generated Numbers ✅ Date – Date formmat (e.g., 04-31-2020) ✅ Time – Timestamp ✅ Name – Users customer Firstname ✅ Customer ID – Users customer ID</li> <li>Custom Fees – Basic conditional fees. ✅ Charge the user based on the no. of files (e.g., 20 files ≥ 2 → add $20). ✅ Charge the user based on PDF pages (e.g., 20 pages ≥ 10 → multiply $2).</li> <li>Remove/Reject Files – Able to remove or delete files in admin orders.</li> <li>Chunked Uploads – Upload large files in smaller chunks to avoid timeouts.</li> <li>Uploader Visibility – Show based on (Categories, Products, Tags, Attributes).</li> <li>Uploader Position – Show before or after Add to Cart, Form, or Variations.</li> <li>Uploader Display – Show on either the “Checkout” or “Product” page.</li> <li>ZIP Files – Compress uploaded files into a ZIP archive</li> <li>Seamless Remote Storage Integration (New) 🔥 Supports: Google Drive, Amazon S3, Dropbox, FTP.</li> <li>Attach Files to Email (New) – Include uploaded files in order confirmation emails. 📝 Note: Works only with standard storage (not compatible with remote storage).</li> <li>Ajax Upload – Upload files without page reload for a seamless experience.</li> <li>Unlimited Uploads – Users can upload as many files as needed.</li> <li>Security – Ensure security with regular updates, vulnerability scans, and threat protection.</li> <li>Optimized Code & Performance – Improve speed and efficiency.</li> <li>Unlimited Sites – Use on any number of websites without restrictions.</li> <li>1 Month Premium Support – Get priority assistance for one month.</li> <li>Multilingual Support – Compatible with WPML and Polylang for translations.</li> </ol> Pro version <a href="https://www.codedropz.com/woo-commerce-pro/shop/" rel="nofollow ugc">DEMO</a>. You can get <a href="https://www.codedropz.com/woocommerce-drag-drop-multiple-file-upload/" rel="nofollow ugc">PRO Version here!</a> PRO VERSION – PLUGIN OVERVIEW <iframe loading="lazy" class="youtube-player" width="750" height="422" src="https://www.youtube.com/embed/HoI6roau2Cc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent" allowfullscreen="true" style="border:0;" sandbox="allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox"></iframe> <h3>Other Plugin You May Like</h3> <ul> <li> <a href="https://www.codedropz.com/woo-order-files/" rel="nofollow ugc">Order Files for WooCommerce</a> **An extension that attach files to existing WooCommerce orders, allowing both customers and admins to upload and manage files easily. </li> <li> <a href="https://wordpress.org/plugins/easy-file-upload-approval/" rel="ugc">Easy File Upload & Approval</a> Easy File Upload & Approval – A simple file management plugin that lets users effortlessly upload and submit files for review through a clean and simple drag-and-drop interface. </li> <li> <a href="https://wordpress.org/plugins/drag-and-drop-multiple-file-upload-contact-form-7/" rel="ugc">Drag & Drop Multiple File Upload – Contact Form 7</a> Drag & Drop File Upload extension for Contact Form 7 </li> <li> <a href="https://www.codedropz.com/drag-drop-file-uploader-wpforms/" rel="nofollow ugc">Drag & Drop Multiple File Upload – WPForms</a> Drag & Drop File Upload extension for WPForms </li> </ul> <h3>Donations</h3> Would you like to support the advancement of this plugin? <a href="http://codedropz.com/donation" rel="nofollow ugc">Donate</a>

WordPress Plugin Directory

80.6K