Local File Inclusion Vulnerability in Woocommerce Category and Products Accordion Panel for WordPress
CVE-2025-11722

7.5HIGH

Key Information:

Vendor

WordPress
Status
WooCommerce Category And Products Accordion Panel
Vendor
CVE Published:
15 October 2025

What is CVE-2025-11722?

The Woocommerce Category and Products Accordion Panel plugin for WordPress is affected by a Local File Inclusion vulnerability that allows authenticated attackers, possessing Contributor-level access or higher, to include and execute arbitrary PHP files on the server. Exploiting this issue enables the execution of malicious PHP code, which could lead to unauthorized access, data leakage, or compromise of the entire web application. The vulnerability exploits the 'categoryaccordionpanel' shortcode in version 1.0 and below, allowing a potential bypass of access controls with the inclusion of arbitrary .php files.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Woocommerce Category and Products Accordion Panel * <= 1.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/accordion-pane...
https://plugins.trac.wordpress.org/browser/accordion-pane...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Muhammad Yudha - DJ
JSON
.