PT-2025-50304 · WordPress · Hippoo Mobile App For Woocommerce
Moose Love
·
Published
2025-12-10
·
Updated
2025-12-15
·
CVE-2025-13339
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Hippoo Mobile App for WooCommerce plugin for WordPress versions up to and including 1.7.1
Description
The Hippoo Mobile App for WooCommerce plugin for WordPress contains a flaw that allows unauthorized access to server files. This is due to a path traversal issue within the
template redirect() function. An attacker does not need to be authenticated to exploit this issue and potentially read sensitive information stored on the server.Recommendations
Update the Hippoo Mobile App for WooCommerce plugin to a version later than 1.7.1.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hippoo Mobile App For Woocommerce