16 matches found
CVE-2025-10897
The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.9.28. This makes it possible for unauthenticated attackers to read arbitrary files on the server, which can expose DB credentials when the wp-config.php file is read...
CVE-2025-10897
The CVE-2025-10897 vulnerability affects the WooCommerce Designer Pro plugin for WordPress (versions up to and including 1.9.28). It allows unauthenticated arbitrary file reads, enabling an attacker to read server files such as wp-config.php and potentially exposed database credentials. Wordfence...
CVE-2025-10897 WooCommerce Designer Pro <= 1.9.28 - Unauthenticated Arbitrary File Read
The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.9.28. This makes it possible for unauthenticated attackers to read arbitrary files on the server, which can expose DB credentials when the wp-config.php file is read...
WordPress WooCommerce Designer Pro plugin <= 1.9.28 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by István Márton in WordPress Plugin WooCommerce Designer Pro versions <= 1.9.28...
Exploit for CVE-2025-6440
Description: WooCommerce Designer Pro plugin for WordPress c...
WordPress plugin WooCommerce Designer Pro code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
CVE-2025-6440
Concrete details found for CVE-2025-6440: The WooCommerce Designer Pro plugin for WordPress (used by the Pricom theme) contains a critical Arbitrary File Upload flaw in the wcdp_save_canvas_design_ajax function, present in all versions up to and including 1.9.26. An unauthenticated attacker can u...
EUVD-2025-35804
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'wcdp_save_canvas_design_ajax' function in all versions up to, and including, 1.9.26. This mak...
PT-2025-43584
Name of the Vulnerable Software and Affected Versions: WooCommerce Designer Pro versions up to and including 1.9.26. Description: The WooCommerce Designer Pro plugin for WordPress is affected by a critical issue allowing arbitrary file uploads. This is due to missing file type validation within the...
WordPress WooCommerce Designer Pro plugin <= 1.9.26 - Unauthenticated Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion vulnerability discovered by Tonn in WordPress Plugin WooCommerce Designer Pro versions <= 1.9.26...
CVE-2025-6439 WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Deletion
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'wcdp_save_canvas_design_ajax' function in all versions up to, and including, 1.9.26. Th...
WordPress plugin WooCommerce Designer Pro path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A path...
CVE-2025-60219
The CVE-2025-60219 entry concerns HaruTheme WooCommerce Designer Pro (versions up to 1.9.24). The vulnerability is an Unrestricted Upload of File with Dangerous Type, enabling uploading of a web shell to the web server. Root cause centers on permissive file-type handling in the plugin’s upload me...
WordPress plugin WooCommerce Designer Pro code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
PT-2025-39621
Name of the Vulnerable Software and Affected Versions: HaruTheme WooCommerce Designer Pro versions through 1.9.24. Description: The software contains a flaw that permits unrestricted file uploads, potentially allowing an attacker to upload a web shell to a web server. This could lead to unauthorized...
WordPress WooCommerce Designer Pro Plugin <= 1.9.24 - Arbitrary File Upload Vulnerability
Arbitrary File Upload Vulnerability discovered by Bonds in WordPress Plugin WooCommerce Designer Pro versions <= 1.9.24...