cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-13355,https://securityvulnerability.io/vulnerability/CVE-2024-13355,Insufficient File Upload Validation in Admin and Customer Messages Plugin for WooCommerce,"The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress suffers from a lack of proper file type validation in its upload_file() function. This vulnerability affects all versions up to and including 13.2. Authenticated users with Subscriber-level access and above can exploit this weakness to upload potentially malicious files, leading to serious security risks such as remote code execution and confirmed Cross-Site Scripting vulnerabilities, putting affected sites at significant risk.",Wordpress,Admin And Customer Messages After Order For WooCommerce: Orderconvo,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,false,false,false,2025-01-16T09:39:14.156Z,0