Filtered by vendor Woocommerce-csvimport
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-25325 | 1 Woocommerce-csvimport | 1 Woocommerce Csv-importer | 2026-05-17 | 7.5 High |
| Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename parameter to delete sensitive files like wp-config.php outside the intended export directory. | ||||
Page 1 of 1.