PT-2025-43584 · Unknown+1 · Pricom - Printing Company & Design Services+1
Tonn · Published 2025-10-24 · Updated 2026-02-17 · CVE-2025-6440
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
WooCommerce Designer Pro versions up to and including 1.9.26
Description
The WooCommerce Designer Pro plugin for WordPress is affected by a critical issue allowing arbitrary file uploads. This is due to missing file type validation within the wcdp_save_canvas_design_ajax function. Unauthenticated attackers can exploit this to upload arbitrary files to the server, potentially leading to remote code execution. Over 5,400 instances are estimated to be vulnerable. The plugin is commonly used with the Pricom - Printing Company & Design Services WordPress theme.
Recommendations
Update WooCommerce Designer Pro to a version newer than 1.9.26.
Fix
RCE
Unrestricted File Upload
Affected Products
Pricom - Printing Company & Design Services
WooCommerce Designer Pro