What the vulnerability does
01Description
Path Traversal: '.../...//' vulnerability in StackWC Open Close WooCommerce Store woc-open-close allows PHP Local File Inclusion.This issue affects Open Close WooCommerce Store: from n/a through <= 4.9.9.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Path Traversal: '.../...//' vulnerability in StackWC Open Close WooCommerce Store woc-open-close allows PHP Local File Inclusion.This issue affects Open Close WooCommerce Store: from n/a through <= 4.9.9.
Explanation of Vulnerability in Simple Terms
Open Close WooCommerce Store versions up to 4.9.9 contain a vulnerability allowing authenticated users with low privileges to read sensitive data, modify site content, or disrupt service. The flaw requires a valid user account but no special interaction. Site administrators should update immediately to a version newer than 4.9.9.
What an attacker can do
Read sensitive data, modify content, or disrupt the site's availability.
Potential impact on your site
Authenticated users can access confidential information, alter store data, or cause downtime.
Conditions required to exploit
Attacker needs a valid user account with low-level privileges.
Key dates
External resources
Related vulnerabilities