What the vulnerability does
01 Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in extendons WooCommerce csv import export extendons-eo-wooimport-export allows Path Traversal. This issue affects WooCommerce csv import export: from n/a through <= 2.0.6.
Explanation of Vulnerability in Simple Terms
02 Summary
The WooCommerce CSV Import Export plugin through version 2.0.6 contains a path traversal vulnerability that allows authenticated users to cause a denial of service by manipulating file paths during CSV import operations. An attacker with low-level access can disrupt site availability by targeting critical files. The vulnerability affects the entire site due to scope change.
What an attacker can do
03 Attacker Capabilities
Make the site unavailable or unresponsive by triggering file operations on restricted paths.
Potential impact on your site
04 Site Impact
Site downtime or performance degradation if an authenticated user exploits the path traversal during CSV import.
Conditions required to exploit
05 Prerequisites
Attacker must have a low-privilege user account (e.g., subscriber or contributor role) on the site.
Key dates
06 Disclosure timeline
August 28, 2025: CVE published
April 28, 2026: Record updated