Skip to content
Threat Feed

Product

CSV Importer 3.3.6

1 brief RSS
high advisory

WooCommerce CSV Importer Path Traversal File Deletion (CVE-2018-25325)

WooCommerce CSV Importer 3.3.6 contains a path traversal vulnerability (CVE-2018-25325) that allows registered users to delete arbitrary files by submitting crafted filenames via the delete_export_file AJAX action.

CSV Importer 3.3.6 path-traversal file-deletion wordpress
2r 1t 1c