The Customer Reviews for WooCommerce WordPress plugin before 5.113.0 does not perform authentication, capability, or nonce checks on one of its media upload AJAX actions when the review media attachment feature is enabled, allowing unauthenticated users to upload media files (bounded to an image and video allowlist) to the Media Library and create attachment posts, leading to media library pollution and disk space exhaustion.
Metrics
Affected Vendors & Products
References
History
Thu, 16 Jul 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-434 | |
| Metrics |
cvssV3_1
|
Thu, 16 Jul 2026 06:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Customer Reviews for WooCommerce WordPress plugin before 5.113.0 does not perform authentication, capability, or nonce checks on one of its media upload AJAX actions when the review media attachment feature is enabled, allowing unauthenticated users to upload media files (bounded to an image and video allowlist) to the Media Library and create attachment posts, leading to media library pollution and disk space exhaustion. | |
| Title | Customer Reviews for WooCommerce < 5.113.0 - Unauthenticated Arbitrary Media Upload via cr_upload_media | |
| References |
|
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2026-07-16T17:57:31.091Z
Reserved: 2026-06-19T07:49:11.659Z
Link: CVE-2026-12684
Updated: 2026-07-16T17:56:58.825Z
No data.
No data.
OpenCVE Enrichment
No data.