PT-2025-39621 · Harutheme · Woocommerce Designer Pro

Bonds

Published

2025-09-26

Updated

2025-09-27

CVE-2025-60219

CVSS v3.1

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

**Name of the Vulnerable Software and Affected Versions**

HaruTheme WooCommerce Designer Pro versions through 1.9.24

**Description**

The software contains a flaw that permits unrestricted file uploads, potentially allowing an attacker to upload a web shell to a web server. This could lead to unauthorized access and control of the system. The issue does not require authentication.

**Recommendations**

Update WooCommerce Designer Pro to a version later than 1.9.24.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2025-60219

Affected Products

Woocommerce Designer Pro

PT-2025-39621 · Harutheme · Woocommerce Designer Pro

Weakness Enumeration

Related Identifiers

Affected Products

References · 5