CVE-2021-24212 - Woocommerce Help Scout
Critical 9.8
The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp.
Affected software
Woocommerce Help Scout