Arbitrary File Read in Woosa – Marktplaats for WooCommerce Plugin
CVE-2026-7547

4.9 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 19 June 2026

What is CVE-2026-7547?

The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to arbitrary file read because of insufficient path sanitization in the render_logs_ui() function. The plugin accepts a base64-encoded file name from the 'log_file' GET parameter and concatenates it with the log directory path without validating the result. An authenticated user with Administrator access can manipulate this path to read sensitive files from the server, potentially exposing critical information such as the wp-config file.
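
Because the file name travels base64-encoded, a plain search for `../` in web access logs will not match these requests. The following added example (not code from the plugin or from this advisory) decodes `log_file` values found in access-log lines and flags names that would resolve outside a log directory; the log format, admin page slug and sample lines are constructed assumptions.

```python
import base64
import binascii
import posixpath
import re
from urllib.parse import parse_qs, urlsplit

REQUEST = re.compile(r'"GET (\S+) HTTP/[\d.]+" (\d{3})')

def decode_log_file(value):
    """Base64-decode a log_file value; None if it is not valid base64/UTF-8."""
    value = value.replace(" ", "+")      # parse_qs turns '+' into a space
    value += "=" * (-len(value) % 4)     # tolerate stripped padding
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None

def escapes_log_dir(name):
    """True if joining `name` onto a log directory would resolve outside it."""
    if name.startswith("/") or "\\" in name or "\x00" in name:
        return True
    resolved = posixpath.normpath(posixpath.join("/logs", name))
    return not resolved.startswith("/logs/")

def suspicious_requests(lines):
    """Return (HTTP status, decoded name) for each log_file value to review."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        query = parse_qs(urlsplit(match.group(1)).query)
        for raw in query.get("log_file", []):
            name = decode_log_file(raw)
            if name is None or escapes_log_dir(name):   # undecodable values are flagged too
                hits.append((match.group(2), name))
    return hits

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample lines; the page slug "example-logs" and file names are placeholders.
_LINE = '203.0.113.5 - - [19/Jun/2026:10:00:00 +0000] "GET /wp-admin/admin.php?page=example-logs&log_file=%s HTTP/1.1" 200 512'
SAMPLE_LOG = [
    _LINE % _b64("2026-06-19.log"),
    _LINE % _b64("../../../wp-config.php"),
    '203.0.113.5 - - [19/Jun/2026:10:00:02 +0000] "GET /wp-admin/index.php HTTP/1.1" 200 900',
]
if __name__ == "__main__":
    print(suspicious_requests(SAMPLE_LOG))
```

A hit with a 200 status is the case to investigate first, since it indicates the server returned content for a name outside the log directory.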

Affected Version(s)

Woosa – Marktplaats for WooCommerce 0 <= 2.0.5

CVSS V3.1

Score: 4.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Abhirup Konwar