Impact
The vulnerability is a missing authorization check (CWE-862) in Imaginate Solutions File Uploads Addon for WooCommerce. The plugin's file upload handler does not enforce proper authentication, allowing users to trigger uploads without appropriate permissions. The CVE text states that the flaw allows exploitation of incorrectly configured access control security levels, potentially allowing attackers to place arbitrary files in the WordPress upload directory. It is inferred that such uploaded content could be used for further attacks if the server later executes or serves the files.
Affected Systems
Any WordPress site that has installed the File Uploads Addon for WooCommerce plugin from its earliest public release up to and including version 1.7.3 is affected. The CVE record specifies no constraints on operating system or WordPress core version, so all installations running those plugin versions are at risk.
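An added example, not part of the advisory or the plugin's code: a check of a `wp-content/plugins` tree for copies of the plugin in the affected range. It matches on the plugin header name because the advisory does not give the plugin's directory slug; the sample tree, its directory names and the version 1.7.4 are constructed.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_NAME = "File Uploads Addon for WooCommerce"  # product name from the advisory
LAST_AFFECTED = (1, 7, 3)                           # affected up to and including 1.7.3
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):(.*)$", re.I | re.M)

def read_header(php_file):
    """Parse the plugin header; WordPress itself only reads the first 8 KiB."""
    text = Path(php_file).read_bytes()[:8192].decode("utf-8", "replace")
    return {k.lower(): v.strip() for k, v in HEADER_RE.findall(text)}

def parse_version(raw):
    """'1.7.3' -> (1, 7, 3); trailing zeros dropped so 1.7.3.0 == 1.7.3."""
    nums = [int(n) for n in re.findall(r"\d+", raw.split("-")[0])]
    while nums and nums[-1] == 0:
        nums.pop()
    return tuple(nums) if nums else None

def classify(raw_version):
    version = parse_version(raw_version or "")
    if version is None:
        return "unknown"  # no readable version: review by hand
    return "affected" if version <= LAST_AFFECTED else "outside-range"

def scan(plugins_dir):
    """Return [(directory, version, status)] for every copy of the plugin."""
    hits = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_header(php)
        if header.get("plugin name", "").lower() == PLUGIN_NAME.lower():
            version = header.get("version")
            hits.append((php.parent.name, version, classify(version)))
    return hits

def build_sample(root):
    """Constructed test tree; directory names and versions are made up."""
    for slug, ver in [("uploads-old", "1.7.3"), ("uploads-new", "1.7.4"), ("uploads-nover", None)]:
        folder = Path(root, slug)
        folder.mkdir()
        ver_line = f" * Version: {ver}\r\n" if ver else ""
        (folder / "main.php").write_text(
            f"<?php\r\n/**\r\n * Plugin Name: {PLUGIN_NAME}\r\n{ver_line} */\r\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for row in scan(tmp):
            print(row)
```

A copy reported as `unknown` has no parseable version header and should be checked manually rather than assumed safe.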
Risk and Exploitability
The CVSS score of 5.3 classifies the flaw as medium severity, while the EPSS score of less than 1% indicates a very low current likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Targeted exploitation would involve accessing the plugin's upload endpoint; it is inferred that attackers would likely target sites that expose this endpoint to unauthenticated or insufficiently privileged users, so a site that restricts upload access has lower practical exposure.
OpenCVE Enrichment