Unrestricted Upload of File with Dangerous Type

CRITICAL (10.0) No Patch (151 days)

Threat Intelligence

⚠️ CRITICAL GAP - Exploits exist but no detection available
EPSS Score: 0.06% chance of exploitation (percentile: 19%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: GitHub PoC

What is it?

The Webkul Medical Prescription Attachment Plugin for WooCommerce is a plugin used to manage medical prescriptions in WordPress. This vulnerability allows attackers to upload a web shell to the server by exploiting an unrestricted file upload feature. If your website uses this plugin, you're at risk of having malicious code executed on your server.

Am I affected?

You're affected if you use the Webkul Medical Prescription Attachment Plugin for WooCommerce. Affected versions: 1.2.3. If you don't recognise this software, you're probably not affected.

Affected Products

Webkul / Medical Prescription Attachment Plugin for WooCommerce

How to fix

Concrete steps:

  1. Immediately update to version 1.2.4 or later.
  2. Download from: https://webkul.com/downloads/medical-prescription-attachment-plugin-for-woocommerce

  3. If upgrading isn't possible:
    a. Restrict file uploads to only allowed extensions (e.g., .pdf, .docx).
       - WordPress: Go to Settings > Media > Upload settings.
    b. Monitor for suspicious activity and restrict access to the plugin's directory.
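
As an added illustration of steps 3a and 3b (example code written for this page, not taken from Webkul or the plugin), the following checks an upload against the .pdf/.docx allowlist and sweeps a directory for files that violate it. The executable-extension list, the `<?php` content heuristic and the directory passed to `scan_directory` are assumptions to adapt to your server.

```python
import os
import sys
from pathlib import Path

# Allowlist from step 3a (.pdf, .docx) mapped to the magic bytes each file must start with.
ALLOWED = {".pdf": b"%PDF-", ".docx": b"PK\x03\x04"}
# Assumed list of extensions a web server may hand to an interpreter.
EXECUTABLE = {".php", ".phtml", ".phar", ".php5", ".pht", ".cgi", ".pl", ".sh"}
PHP_TAG = b"<?php"  # heuristic marker for script content hidden in a document

def check_upload(name: str, data: bytes) -> list[str]:
    """Return the reasons to reject an upload; an empty list means it passes."""
    reasons = []
    # Normalise: drop any path, trailing dots/spaces, and case before reading extensions.
    base = os.path.basename(name.replace("\\", "/")).rstrip(". ").lower()
    suffixes = Path(base).suffixes
    if not suffixes or suffixes[-1] not in ALLOWED:
        reasons.append("extension not allowlisted")
    elif not data.startswith(ALLOWED[suffixes[-1]]):
        reasons.append("content does not match extension")
    # Catches double extensions such as scan.php.pdf, which some handler configs execute.
    if any(s in EXECUTABLE for s in suffixes):
        reasons.append("executable extension in name")
    if PHP_TAG in data:
        reasons.append("embedded PHP tag")
    return reasons

def scan_directory(root: str) -> dict[str, list[str]]:
    """Step 3b: report every file under root that would fail check_upload."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            reasons = check_upload(path.name, path.read_bytes())
            if reasons:
                findings[str(path)] = reasons
    return findings

if __name__ == "__main__":
    # Usage: python check_uploads.py /path/to/upload/dir  (path is yours to supply)
    for file, why in scan_directory(sys.argv[1]).items():
        print(f"{file}: {', '.join(why)}")
```

Run the sweep on a schedule against the directory where the plugin stores attachments and alert on any output; the same `check_upload` logic belongs server-side at upload time.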
