PT-2026-56323 · Sayantandas20 · Bulk Order Update For Woocommerce

Nthng

·

Publicado

2026-07-08

·

Atualizado

2026-07-08

·

CVE-2026-14500

CVSS v3.1

5.3

Média

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
The Bulk Order Update for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 1.6. This is due to the bouw fetch csv data() AJAX handler being registered on the wp ajax nopriv hook with no capability or nonce check, and passing the attacker-supplied csv url POST parameter — filtered only by esc url raw() (which leaves absolute filesystem paths intact) and validate file() (which only rejects '..' traversal patterns) — directly into fopen()/fgetcsv() and reflecting the first parsed line in the JSON response. This makes it possible for unauthenticated attackers to read the first line of arbitrary files on the server (such as /etc/passwd) and to use the handler as a file-existence oracle.

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-14500

Produtos afetados

Bulk Order Update For Woocommerce