What the vulnerability does
01Description
Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
What the vulnerability does
Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.
Explanation of Vulnerability in Simple Terms
WPC Product Options for WooCommerce versions up to 3.2.1 contain a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files from the server. An attacker can access sensitive files such as configuration files, database credentials, or other private data without needing to log in or interact with a user. This vulnerability requires only network access and can expose confidential information stored on the web server.
What an attacker can do
Read arbitrary files from the server, including configuration and credential files.
Potential impact on your site
Sensitive files (config, database credentials, private keys) may be exposed to unauthenticated attackers.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities