PT-2025-44586 · WordPress · Woocommerce Designer Pro
István Márton · Published 2025-10-31 · Updated 2026-04-23 · CVE-2025-10897
CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
WooCommerce Designer Pro versions up to and including 1.9.28
Description
The WooCommerce Designer Pro theme for WordPress is susceptible to an arbitrary file read issue. This allows unauthenticated attackers to read arbitrary files on the server. A specific file mentioned as potentially exposed is wp-config.php, which may contain database credentials. The issue is due to a vulnerable endpoint or function that allows unauthorized file access.
Recommendations
Update WooCommerce Designer Pro to a version beyond 1.9.28.
Fix
Path traversal
Weakness Enumeration
Related identifiers
Affected products
Woocommerce Designer Pro