CVE-2025-14301

CVSS v3.1

9.8

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.0. This is due to the

process table bulk actions()

function processing user-supplied file paths without authentication checks, nonce verification, or path validation. This makes it possible for unauthenticated attackers to delete or download arbitrary files on the server via the

wsaw-log[]

POST parameter, which can be leveraged to delete critical files like

wp-config.php

or read sensitive configuration files.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2025-14301

Affected Products

Integration Opvius Ai For Woocommerce

CVE-2025-14301

Weakness Enumeration

Related Identifiers

Affected Products

References · 6