File Manipulation Vulnerability in WooCommerce PDF Vouchers
CVE-2024-39651

8.6HIGH

Key Information:

Vendor: WordPress
Status: WooCommerce PDF Vouchers
Vendor: CVE Published:; 13 August 2024

Summary

A path traversal vulnerability in the WPWeb WooCommerce PDF Vouchers plugin allows attackers to manipulate files outside the intended directory. This security flaw could enable unauthorized access to sensitive files, potentially compromising the integrity of the system. The issue affects all versions of the WooCommerce PDF Vouchers plugin prior to 4.9.5. Operators of WooCommerce sites that utilize this plugin should take immediate steps to update to the latest version to safeguard against potential exploitation.

Affected Version(s)

WooCommerce PDF Vouchers < 4.9.5

References

https://patchstack.com/database/vulnerability/woocommerce...

vdb-entry

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Jun 26, 2024

Credit

Dave Jong (Patchstack)