We are currently using the Product Add-Ons plugin and have identified a significant security issue with the file upload field. At the moment, users are able to upload any file type and any file size, which introduces a major security risk for our website and server.
For compliance and safe operation, we need to be able to strictly control what users can upload. Specifically, we require:
– File type restrictions — the ability to whitelist allowed file extensions (e.g., PDF, JPG, PNG, etc.) and block everything else.
– File size limits — the ability to set a maximum upload size per field (e.g., 5MB), and ideally show a friendly error message if the file is too large.
– (Optional but important) Server-side validation — ensuring restrictions are enforced on the server, not only in JavaScript, so they cannot be bypassed.
At the moment, without these controls, the file upload feature is not safe for production use. We are unable to continue using the plugin unless this functionality is added or corrected.
Can you please advise whether there are plans to implement file type and file size restrictions, or whether any workaround exists? This is an urgent requirement for our security team.
thank you
Best regards
Anna
Open
Last updated: November 28, 2025
0 comments
Log in to comment on this feature request.