Local File Inclusion Vulnerability in WPC Product Options for WooCommerce by WPClever
CVE-2025-60248

Currently unrated

Key Information:

Vendor

WordPress
Status
WPc Product Options For WooCommerce
Vendor
CVE Published:
6 November 2025

What is CVE-2025-60248?

The WPC Product Options for WooCommerce plugin is susceptible to a PHP Local File Inclusion vulnerability, allowing attackers to potentially include local files. This could lead to unauthorized access to sensitive information on the server. Versions of the plugin up to and including 1.8.6 are affected. Securing your site against such vulnerabilities is crucial to maintain its integrity and protect sensitive data.

Affected Version(s)

WPC Product Options for WooCommerce <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/wpc-...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Martino Spagnuolo (r3verii) | Patchstack Bug Bounty Program
JSON
.
CVE-2025-60248 : Local File Inclusion Vulnerability in WPC Product Options for WooCommerce by WPClever