Unauthenticated File Download Vulnerability in WordPress WooCommerce Scraper Plugin
CVE-2025-69131

7.5HIGH

Key Information:

Vendor: WordPress
Status: WordPress & WooCommerce Scraper Plugin, Import Data From Any Site
Vendor: CVE Published:; 16 June 2026

What is CVE-2025-69131?

A significant security flaw exists in the WooCommerce Scraper Plugin for WordPress, specifically in versions up to 1.0.7. This vulnerability allows unauthenticated users to exploit the plugin, leading to the arbitrary download of files from the server. Attackers can leverage this weakness to access sensitive files, potentially compromising the security of affected websites.

Affected Version(s)

WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7

References

https://patchstack.com/database/wordpress/plugin/wp_scrap...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
Dec 29, 2025

Credit

Bonds | Patchstack Bug Bounty Program

CVE-2025-69131 Data

JSON