๐Ÿ” CVE Alert

CVE-2024-33566

CRITICAL 10.0

WordPress OrderConvo plugin <= 12.4 - Unauthenticated API Access to Arbitrary File Upload vulnerability

CVSS Score
10.0
EPSS Score
0.0%
EPSS Percentile
0th

Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4.

CWE CWE-862
Vendor n-media
Product orderconvo
Published Apr 29, 2024
Last Updated Apr 28, 2026
Stay Ahead of the Next One

Get instant alerts for n-media orderconvo

Be the first to know when new critical vulnerabilities affecting n-media orderconvo are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

N-Media / OrderConvo
n/a โ‰ค 12.4

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
patchstack.com: https://patchstack.com/database/vulnerability/admin-and-client-message-after-order-for-woocommerce/wordpress-orderconvo-plugin-12-4-unauthenticated-api-access-to-arbitrary-file-upload-vulnerability?_s_id=cve

Credits

Rafie Muhammad (Patchstack)