Critical Vulnerability Information

1. File Path

Source Code Path:

2. Version Information

Version: 2.8.0
Author: Pluggabl LLC.
Package Name: Booster_For_WooCommerce/shortcodes

3. Key Functions

- : Constructor function that initializes various properties and options for the product add form.
- : Initializes attribute values and validates user input data.
- : Core function for adding a new product, handling various product attributes and metadata.
- : Validates parameters for adding a product, ensuring required fields are not empty.

4. Potential Security Issues

Unvalidated User Input:
- Critical fields such as , are directly retrieved from and processed, potentially exposing the system to SQL injection or XSS attacks.

Insufficient File Upload Validation:
- Although file type validation exists (via the variable), there may still be bypass risks.

5. Security Measures in Code

File Upload Type Restrictions:
- restricts allowed file types to , , , , , , .

Data Validation:
- The function is used to validate and sanitize user input to some extent.

6. Other Notes

Business Logic Vulnerability:
- In the function, if a user-provided product ID already exists, there is no detailed error handling for such anomalies, which may lead to logical inconsistencies in the program.

This information can assist in further analyzing and evaluating the security of the plugin and its potential risks.