CVE-2024-12861

Name of the Vulnerable Software and Affected Versions W2S – Migrate WooCommerce to Shopify plugin for WordPress versions up to, and including, 1.2.1

Description The issue allows authenticated attackers with Subscriber-level access and above to read the contents of arbitrary files on the server via the 'viw2s view log' AJAX action. This can potentially expose sensitive information.

Recommendations For versions up to, and including, 1.2.1, update to a version higher than 1.2.1 to resolve the issue. As a temporary workaround, consider disabling the viw2s view log AJAX action until a patch is available. Restrict access to the plugin to minimize the risk of exploitation.