CVE-2024-9756

MEDIUM

Order Attachments for WooCommerce 2.0-2.4.1 - Authenticated Arbitrary File Upload via wcoa_add_attachment AJAX Action

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-9756. PoCs published by Nxploited, Boshe99.

AI-analyzed exploit summary This exploit leverages an authenticated arbitrary file upload vulnerability in the Order Attachments for WooCommerce plugin (versions 2.0 to 2.4.1). It allows users with Subscriber+ privileges to upload files via a vulnerable AJAX endpoint.

Description

The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoa_add_attachment AJAX action in versions 2.0 to 2.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload limited file types.

Exploits (2)

nomisec WORKING POC 1 stars

by Nxploited · poc

https://github.com/Nxploited/CVE-2024-9756

View Code ZIP pw:eip

This exploit leverages an authenticated arbitrary file upload vulnerability in the Order Attachments for WooCommerce plugin (versions 2.0 to 2.4.1). It allows users with Subscriber+ privileges to upload files via a vulnerable AJAX endpoint.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Order Attachments for WooCommerce (versions 2.0 to 2.4.1)

Auth required

Prerequisites: Valid WordPress credentials with Subscriber+ role · Vulnerable plugin installed on target

MITRE ATT&CK

T1552.001 - Credentials In Files T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

github WORKING POC

by Boshe99 · pythonpoc

https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2024-9756

View Code ZIP pw:eip

The repository contains functional exploit code for CVE-2024-9756, targeting a WordPress plugin (3DPrint Lite 1.9.1.4) with an arbitrary file upload vulnerability. The Python script demonstrates the vulnerability by uploading a shell to a vulnerable endpoint.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WordPress Plugin 3DPrint Lite 1.9.1.4

No auth needed

Prerequisites: Vulnerable WordPress plugin installed · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (4)

Core 4

Core References

Product

https://plugins.trac.wordpress.org/browser/order-attachments-for-woocommerce/tags/2.4.0/src/WCOA/Attachments/Attachment.php

Product

https://plugins.trac.wordpress.org/browser/order-attachments-for-woocommerce/tags/2.4.0/src/WCOA/Utils/Ajax.php

Patch

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3167136%40order-attachments-for-woocommerce&new=3167136%40order-attachments-for-woocommerce&sfp_email=&sfph_mail=

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/0dfc8957-78b8-4c55-ba95-52d95b086341?source=cve

Scores

CVSS v3 4.3

EPSS 0.0085

EPSS Percentile 53.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-862

Status published

Products (1)

directsoftware/order_attachments_for_woocommerce 2.0 - 2.5.0

Published Oct 12, 2024

Tracked Since Feb 18, 2026