CVE-2025-14301

Name of the Vulnerable Software and Affected Versions Integration Opvius AI for WooCommerce plugin for WordPress versions up to and including 1.3.0

Description The Integration Opvius AI for WooCommerce plugin for WordPress is susceptible to a Path Traversal issue. This is caused by the process table bulk actions() function failing to properly validate user-supplied file paths, lacking authentication checks and nonce verification. An unauthenticated attacker can exploit this by manipulating the wsaw-log[] POST parameter to delete or download arbitrary files on the server, potentially including critical files like wp-config.php or sensitive configuration files.

Recommendations Update Integration Opvius AI for WooCommerce plugin for WordPress to a version later than 1.3.0.