PT-2025-47266 · Unknown+1 · Woocommerce+1
Published
2025-11-18
·
Updated
2025-11-23
·
CVE-2025-13088
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Woocommerce Tabs plugin for WordPress versions prior to 1.1
Description
The Category and Product Woocommerce Tabs plugin for WordPress is susceptible to Local File Inclusion due to inadequate input validation on the
template parameter within the categoryProductTab() function. This allows authenticated attackers with contributor-level access or higher to include and execute arbitrary .php files on the server.Recommendations
Update the Woocommerce Tabs plugin to version 1.1 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Woocommerce
Woocommerce Tabs