CVE-2025-2941 is classified as a critical vulnerability with a CVSS score of 9.8. The vulnerability resides in the Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress and allows unauthenticated attackers to exploit insufficient file path validation through the wc-upload-file[] parameter. This could lead to arbitrary file movement on the server, posing a severe risk of remote code execution, particularly if sensitive files like wp-config.php are manipulated.
The implications are significant: attackers may leverage this flaw to execute arbitrary code, potentially compromising the entire application and the underlying server. Because exploitation requires no privileges and no user interaction, organizations using this plugin must act swiftly.
Risks to organizations include unauthorized access to sensitive data, complete system compromise, and potential disruption of services. Organizations should prioritize patching immediately to defend against potential exploitation. As of the latest updates, there are no known exploits or proofs of concept available publicly, but the critical nature of this vulnerability necessitates immediate attention.
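The missing control described above is a containment check on each submitted path before a file is moved. The sketch below is an added example, not the plugin's code or its patch; the function names, the uploads/tmp and orders directories, and the sample values are assumptions constructed for illustration.

```php
<?php
// Added illustration, not the plugin's code. All paths below are constructed.

/** Canonical path of $submitted if it is a regular file inside $uploadDir, else null. */
function resolve_inside(string $submitted, string $uploadDir): ?string
{
    $base = realpath($uploadDir);
    if ($base === false || $submitted === '' || strpos($submitted, "\0") !== false) {
        return null;
    }
    // realpath() collapses "../" and follows symlinks; it returns false if nothing exists there.
    $real = realpath($base . DIRECTORY_SEPARATOR . $submitted);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Compare with a trailing separator so "uploads/tmp2" does not pass as "uploads/tmp".
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

/** Move only validated files; returns [submitted value => new path, or null if rejected]. */
function move_validated(array $submitted, string $uploadDir, string $destDir): array
{
    $out = [];
    foreach ($submitted as $value) {
        if (!is_string($value)) {
            continue; // nested arrays or other types are never treated as paths
        }
        $src = resolve_inside($value, $uploadDir);
        $dst = $src === null ? null : $destDir . DIRECTORY_SEPARATOR . basename($src);
        $out[$value] = ($src !== null && rename($src, $dst)) ? $dst : null;
    }
    return $out;
}

// Constructed sandbox: a stand-in wp-config.php sits two levels above the upload directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pathdemo_' . uniqid();
mkdir("$root/uploads/tmp", 0700, true);
mkdir("$root/uploads/tmp2", 0700, true);
mkdir("$root/orders", 0700, true);
file_put_contents("$root/wp-config.php", "constructed stand-in\n");
file_put_contents("$root/uploads/tmp/photo.jpg", "constructed upload\n");
file_put_contents("$root/uploads/tmp2/other.txt", "constructed sibling\n");

$values = ['photo.jpg', '../../wp-config.php', "$root/wp-config.php", '../tmp2/other.txt'];
foreach (move_validated($values, "$root/uploads/tmp", "$root/orders") as $value => $result) {
    echo str_pad($value, 40), ' => ', $result ?? 'rejected', PHP_EOL;
}
```

Only photo.jpg is moved; the relative traversal, the absolute path, and the sibling-directory value all resolve outside the upload directory and are rejected.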
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
