01 Description: What the vulnerability does
The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the file_download() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
02 Summary: Explanation of the vulnerability in simple terms
StoreEngine versions up to and including 1.5.0 contain a path traversal vulnerability that allows authenticated users to read arbitrary files from the server. An authenticated attacker with a low-privileged account (Subscriber-level or above) can bypass directory restrictions and access files outside the intended application directory. This exposes configuration files, database credentials, and other confidential data stored on the server.
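As an added illustration (not StoreEngine's own code, which this record does not show), here is a hypothetical hardened download handler that keeps the requested file inside one fixed downloads directory; the function names, the directory layout and the sample files are assumptions:

```php
<?php
// Added example, not StoreEngine's code: a hypothetical download handler
// that confines the requested file name to one fixed downloads directory.
// resolve_download_path(), serve_download() and the paths are assumptions.

function resolve_download_path(string $base_dir, string $requested): ?string
{
    // Canonicalise the base directory; realpath() returns false if it is missing.
    $base = realpath($base_dir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // Resolve symlinks and ".." segments in the combined path.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null; // missing file, or a directory rather than a file
    }
    // The resolved path must start with "<base>/"; a bare prefix match would
    // wrongly accept "/var/downloads-other" for a base of "/var/downloads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved path escaped the downloads directory
    }
    return $full;
}

function serve_download(string $base_dir, string $requested): void
{
    $path = resolve_download_path($base_dir, $requested);
    if ($path === null) {
        wp_die('Invalid file.', 'Download', ['response' => 403]);
    }
    // Containment alone is not authorisation: also confirm the current user is
    // entitled to this particular file (e.g. owns the order) before serving it.
    nocache_headers();
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    readfile($path);
    exit;
}

// Self-check with constructed files in a temporary directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . uniqid();
mkdir($root . '/downloads', 0700, true);
file_put_contents($root . '/downloads/invoice.pdf', 'constructed invoice');
file_put_contents($root . '/outside.txt', 'constructed file outside the directory');
$ok = resolve_download_path($root . '/downloads', 'invoice.pdf') !== null
    && resolve_download_path($root . '/downloads', '../outside.txt') === null
    && resolve_download_path($root . '/downloads', '.') === null;
echo $ok ? "containment check behaves as expected\n" : "containment check FAILED\n";
```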
03 Attacker Capabilities: What an attacker can do
Read arbitrary files from the server, including configuration and credential files.
04 Site Impact: Potential impact on your site
Sensitive files and credentials stored on the server may be exposed to authenticated users.
05 Prerequisites: Conditions required to exploit
Attacker must have a valid user account with low-level privileges; no user interaction required.
06 Disclosure timeline: Key dates
September 17, 2025: CVE published
April 8, 2026: Record updated