AI Score
Confidence
Low
EPSS
Percentile
76.5%
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
partial
The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have “if (!defined(‘ABSPATH’)) {exit;}” code
[
{
"cpes": [
"cpe:2.3:a:automattic:woocommerce:*:*:*:*:*:wordpress:*:*"
],
"vendor": "automattic",
"product": "woocommerce",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "3.2.6"
}
],
"defaultStatus": "unknown"
}
]