What the vulnerability does
01 Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Murtaza Bhurgri Woo File Dropzone woo-file-dropzone allows Path Traversal. This issue affects Woo File Dropzone: from n/a through <= 1.1.7.
Explanation of Vulnerability in Simple Terms
02 Summary
Woo File Dropzone versions 1.1.7 and earlier contain a path traversal vulnerability that allows authenticated users to cause a denial of service by manipulating file paths. An attacker with low-level access can disrupt site availability by triggering resource exhaustion or file system errors. The vulnerability affects the file upload handling mechanism and impacts the entire application scope.
What an attacker can do
03 Attacker Capabilities
Disrupt site availability by exploiting file path handling to exhaust resources or trigger errors.
Potential impact on your site
04 Site Impact
Site may become unavailable or unresponsive due to resource exhaustion triggered through the file upload feature.
Conditions required to exploit
05 Prerequisites
Attacker must have a low-level user account (e.g., subscriber or contributor role) on the site.
Key dates
06 Disclosure timeline
February 20, 2026: CVE published
April 28, 2026: Record updated