On March 28th, 2025, we received a submission for an Arbitrary File Move vulnerability in Drag and Drop Multiple File Upload for WooCommerce, a WordPress plugin with more than 6,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to move arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.
The post 6,000 WordPress Sites Affected by Arbitrary File Move Vulnerability in Drag and Drop Multiple File Upload for WooCommerce WordPress Plugin appeared first on Wordfence.
This article has been indexed from Blog – Wordfence