PT-2025-22836 · WordPress · Emagicone Store Manager For Woocommerce

Ryan Kozak · Published 2025-05-24 · Updated 2025-05-24 · CVE-2025-4602

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

eMagicOne Store Manager for WooCommerce plugin for WordPress versions 1.2.5 and earlier

Description

The issue allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information, via the get_file() function. This is exploitable in default configurations where the default password is left as 1:1, or where the attacker gains access to the credentials.

Recommendations

For versions 1.2.5 and earlier, update to a version later than 1.2.5 to resolve the issue. As a temporary workaround, consider changing the default password to a secure one and restricting access to the get_file() function until a patch is available.

Related Identifiers

CVE-2025-4602

Affected Products

Emagicone Store Manager For Woocommerce