• Arbitrary File Upload Vulnerability in WooCommerce Catalog Enquiry

    For a few months now I have seen that your module allows arbitrary file upload.
    A word of advice: be careful if you install it. I say this because of my horrible security experience with version 3.0.2, but the latest, 3.1.4, is the same and has security flaws. The other features work very well.

Viewing 1 replies (of 1 total)
  • Hi, sorry to hear that.

    From our WooCommerce Catalog Enquiry version 3.1.0, we have fixed the vulnerability issue related to file upload. We have changed the file upload logic. We checked the file type with wp_get_mime_types and changed the file save location (for an enquiry trigger) from wp_upload to the system temp directory to avoid any exploits. Also, after the success/error enquiry trigger, we delete the randomly generated file name from the temp folders, so the file will not be saved.

    We can assure you there is no vulnerability there anymore.

    If you have any further queries, please do let us know.

  • The topic ‘Deberia revisar su modulo en base seguridad’ is closed to new replies.
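
The handling described in the reply above (type check against the MIME map, random name in the system temp directory, deletion after the enquiry is sent), as an added PHP example that is not the plugin's code or part of the thread. `ALLOWED_MIMES`, `allowed_mime()`, `handle_enquiry_attachment()` and the `$send` callback are hypothetical names, and the content sniffing with `finfo` goes beyond the extension map the reply mentions.

```php
<?php
// ALLOWED_MIMES is a constructed stand-in for the extension => MIME map that
// wp_get_mime_types() returns inside WordPress, narrowed to an allowlist.
const ALLOWED_MIMES = [
    'jpg|jpeg|jpe' => 'image/jpeg',
    'png'          => 'image/png',
    'pdf'          => 'application/pdf',
];

// Allowed MIME type for this upload, or null when it must be rejected.
function allowed_mime(string $clientName, string $path): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    foreach (ALLOWED_MIMES as $exts => $mime) {
        // The extension and the sniffed content must name the same allowed type.
        if (in_array($ext, explode('|', $exts), true) && $detected === $mime) {
            return $mime;
        }
    }
    return null;
}

// Hypothetical handler; $send is the caller's mail routine (path => bool).
function handle_enquiry_attachment(array $file, callable $send): bool
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])
        || allowed_mime($file['name'], $file['tmp_name']) === null) {
        return false;
    }
    // Random name in the system temp directory; the client name is never a path.
    $tmp = tempnam(sys_get_temp_dir(), 'enq');
    try {
        return $tmp !== false && move_uploaded_file($file['tmp_name'], $tmp)
            && (bool) $send($tmp);
    } finally {
        // Deleted whether the enquiry mail succeeded or failed.
        if ($tmp !== false && is_file($tmp)) { unlink($tmp); }
    }
}

// Constructed sample for CLI runs: PHP source submitted under an image extension.
if (PHP_SAPI === 'cli') {
    $probe = tempnam(sys_get_temp_dir(), 'enq');
    file_put_contents($probe, "<?php echo 'constructed sample';");
    var_dump(allowed_mime('photo.jpg', $probe));
    unlink($probe);
}
```

The handler expects one entry of `$_FILES` and only accepts files that arrived through an HTTP upload, so from the command line only the `allowed_mime()` check on the constructed sample runs.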