WooMulti WordPress Plugin Vulnerability

HIGH (7.3) No Patch (1 day)

Threat Intelligence

Low Risk
EPSS Score: 0.04% chance of exploitation (percentile: 12%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

The WooMulti WordPress plugin is a popular file management tool for WordPress websites. It allows users to manage and delete files on the server. However, due to a vulnerability in this plugin, an authenticated user can potentially delete arbitrary files on the server, allowing them to access sensitive data or disrupt the website's functionality.

Am I affected?

You're affected if you use WooMulti WordPress. Affected versions: 17

Affected Products

WooThemes / WooMulti

How to fix

To fix this vulnerability, you can upgrade to WooMulti version 18 or later. You can do this by:

  • Updating your WordPress plugin repository URL in the wp-config.php file
  • Running the following command in your terminal:
    wp plugin update woo-multi --version=18

If an immediate fix isn't possible, you can implement the following mitigations:

  • Restrict access to the WooMulti plugin by adding a custom capability to the wp-admin role
  • Monitor file deletion activity for suspicious patterns
