Firassaidi WooCommerce License Manager allows upload of malicious files

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.1

Firassaidi WooCommerce License Manager allows upload of malicious files

CVE-2026-28114

Summary

A security issue in Firassaidi WooCommerce License Manager allows an attacker to upload malicious files to a web server, potentially leading to unauthorized access and control. This affects users of WooCommerce License Manager up to version 7.0.6. To protect your site, update to a patched version of the plugin or remove it until a fix is available.

Original title

Unrestricted Upload of File with Dangerous Type vulnerability in firassaidi WooCommerce License Manager fs-license-manager allows Upload a Web Shell to a Web Server.This issue affects WooCommerce L...

Original description

nvd CVSS3.1 9.1

Vulnerability type

CWE-434 Unrestricted File Upload

https://patchstack.com/database/Wordpress/Plugin/fs-license-manager/vulnerabilit...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026