PT-2026-41551 · WordPress · Woocommerce Csv Import Export

Published: 2026-05-17 · Updated: 2026-05-17 · CVE-2018-25325

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Woocommerce CSV Importer version 3.3.6

Description

A path traversal issue allows any registered user to delete arbitrary files. This occurs when unescaped filenames are submitted through the 'delete export file' AJAX action. An attacker can send POST requests containing directory traversal sequences in the filename parameter to delete sensitive files, such as wp-config.php, located outside the intended export directory.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
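
The containment check that the described delete action lacks, as an added example (not the plugin's code). The function name `resolve_export_file`, the `.csv`-only allowlist and the temporary demo directory are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not code from the plugin.
// In a WordPress AJAX handler this check would sit behind check_ajax_referer()
// and a current_user_can() capability test, so that not every registered
// user can reach the delete action.

/**
 * Map a user-supplied export filename to a canonical path inside $exportDir.
 * Returns null when the name is unsafe or the file is not in the directory.
 */
function resolve_export_file(string $exportDir, string $filename): ?string
{
    // Allowlist the name instead of stripping "../": no separators, no NUL
    // bytes, only the file type the export feature writes (assumed: .csv).
    if (preg_match('/^[A-Za-z0-9._-]+\.csv$/D', $filename) !== 1) {
        return null;
    }
    $base = realpath($exportDir);
    $real = realpath($exportDir . DIRECTORY_SEPARATOR . $filename);
    if ($base === false || $real === false) {
        return null; // directory or file does not exist
    }
    // Compare canonical paths so a symlink inside the export directory
    // cannot point the delete at a file elsewhere.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0 || !is_file($real)) {
        return null;
    }
    return $real;
}

// Constructed demo: a throwaway export directory with one real export file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'export_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'orders.csv', "id,total\n1,9.99\n");

$samples = ['orders.csv', '../../wp-config.php', '..\\wp-config.php', 'missing.csv'];
foreach ($samples as $name) {
    $path = resolve_export_file($dir, $name);
    echo str_pad($name, 22), $path === null ? 'rejected' : 'allowed: ' . basename($path), PHP_EOL;
}

// Clean up the demo directory.
unlink($dir . DIRECTORY_SEPARATOR . 'orders.csv');
rmdir($dir);
```

Only `orders.csv` resolves to a path; the traversal names fail the allowlist and `missing.csv` fails `realpath()`, so a caller deletes nothing unless the function returns a non-null path.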

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2018-25325

Affected Products

Woocommerce Csv Import Export