Path Traversal Vulnerability in WooCommerce One Page Checkout
CVE-2023-35881

7.6HIGH

Key Information:

Vendor: WordPress
Status: WooCommerce One Page Checkout
Vendor: CVE Published:; 17 May 2024

What is CVE-2023-35881?

A path traversal vulnerability exists in the WooCommerce One Page Checkout plugin, which may allow attackers to include local files via PHP file inclusion. This flaw can potentially expose sensitive information and compromise the website's security. Users of affected versions, particularly those using versions up to and including 2.3.0, should take immediate action to mitigate risks associated with this vulnerability.

Affected Version(s)

WooCommerce One Page Checkout <= 2.3.0

References

https://patchstack.com/database/vulnerability/woocommerce...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 17, 2024
Vulnerability Reserved
Jun 19, 2023

Credit

Rafie Muhammad (Patchstack)