PT-2025-44586 · WordPress · Woocommerce Designer Pro
István Márton · Published 2025-10-31 · Updated 2026-04-23 · CVE-2025-10897
CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
WooCommerce Designer Pro versions up to and including 1.9.28
Description
The WooCommerce Designer Pro theme for WordPress is susceptible to an arbitrary file read issue. This allows unauthenticated attackers to read arbitrary files on the server. A specific file mentioned as potentially exposed is wp-config.php, which may contain database credentials. The issue is due to a vulnerable endpoint or function that allows unauthorized file access.
Recommendations
Update WooCommerce Designer Pro to a version beyond 1.9.28.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Woocommerce Designer Pro