CVE-2025-60207

{"id": "CVE-2025-60207", "cveTags": [], "metrics": {}, "published": "2025-11-06T16:16:06.153", "references": [{"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/user-registration-plugin-for-woocommerce/vulnerability/wordpress-custom-user-registration-fields-for-woocommerce-plugin-2-1-2-arbitrary-file-upload-vulnerability", "source": "audit@patchstack.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce user-registration-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Custom User Registration Fields for WooCommerce: from n/a through <= 2.1.2."}], "lastModified": "2025-11-06T19:45:09.883", "sourceIdentifier": "audit@patchstack.com"}