Product Options and Price Calculation Formulas for WooCommerce

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'uni_cpo_upload_file' function in all versions up to, and including, 4.9.54. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Basic Information

ID CVE-2025-10412

Source Wordfence

Published Sep 23, 2025 at 09:25

Affected Product

Vendor MooMoo

Product Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium)

Version *

Affected Versions MooMoo Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) *

CWE Classification

CWE-434

References

{
    "lastseen": "",
    "description": "The Product Options and Price Calculation Formulas for WooCommerce \u2013 Uni CPO (Premium) plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'uni_cpo_upload_file' function in all versions up to, and including, 4.9.54. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.",
    "published": "2025-09-23T09:25:56.611Z",
    "modified": "2025-09-23T09:25:56.611Z",
    "type": "cve",
    "title": "Product Options and Price Calculation Formulas for WooCommerce \u2013 Uni CPO (Premium) <= 4.9.54 - Unauthenticated Arbitrary File Upload via 'uni_cpo_upload_file'",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c0c6a45-2c4a-4a23-84e6-7a9759796824?source=cve\nhttps://builderius.io/cpo/",
    "id": "CVE-2025-10412",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "MooMoo Product Options and Price Calculation Formulas for WooCommerce \u2013 Uni CPO (Premium) *",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Product Options and Price Calculation Formulas for WooCommerce \u2013 Uni CPO (Premium)",
    "version": "*",
    "vendor": "MooMoo",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) <= 4.9.54 - Unauthenticated Arbitrary File Upload via 'uni_cpo_upload_file'_CVE-2025-10412