After discovering an arbitrary file upload vulnerability in the plugin N-Media Post Front-end Form recently, we took a look at other plugins from the same developer and found that three other shared same the same vulnerable code. One of those was WooCommerce Extra Fields (which has now been renamed WooCommerce Product Addons).

The vulnerability was subsequently fixed in version 2.0. [Read more]