CVE-2017-17058

Name of the Vulnerable Software and Affected Versions WooCommerce plugin versions 3.x

Description The issue concerns a Directory Traversal vulnerability via the /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which could potentially access a parent directory. However, a software maintainer notes that Directory Traversal is not possible due to the presence of if (!defined('ABSPATH')) {exit;} code in all template files.

Recommendations For WooCommerce plugin versions 3.x, consider restricting access to the /wp-content/plugins/woocommerce/templates/emails/plain/ URI to minimize potential risks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.