6.5
CVE-2025-1911
- EPSS 0.19%
- Veröffentlicht 26.03.2025 11:55:52
- Zuletzt bearbeitet 09.07.2025 16:55:18
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function
The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server.
Mögliche Gegenmaßnahme
Product Import Export for WooCommerce – Import Export Product CSV Suite: Update to version 2.5.1, or a newer patched version
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Product Import Export for WooCommerce – Import Export Product CSV Suite
Version
* - 2.5.0
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Webtoffee ≫ Product Import Export For Woocommerce SwPlatformwordpress Version < 2.5.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.416 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 1.2 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
|
| security@wordfence.com | 2.7 | 1.2 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
|
CWE-73 External Control of File Name or Path
The product allows user input to control or influence paths or file names that are used in filesystem operations.