Directory Traversal Vulnerability in Order Export & Import Plugin for WooCommerce
CVE-2024-13920
4.9MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 20 March 2025
What is CVE-2024-13920?
The Order Export & Order Import plugin for WooCommerce is susceptible to a Directory Traversal vulnerability that allows authenticated users with Administrator-level access to exploit the download_file() function. This vulnerability can be leveraged to access arbitrary log files on the server, potentially exposing sensitive information that could compromise the integrity and confidentiality of the system.
Affected Version(s)
Order Export & Order Import for WooCommerce * <= 2.6.0