{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/csv-importer-3.3.6/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2018-25325"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["CSV Importer 3.3.6"],"_cs_severities":["high"],"_cs_tags":["path-traversal","file-deletion","wordpress"],"_cs_type":"advisory","_cs_vendors":["Woocommerce"],"content_html":"\u003cp\u003eWooCommerce CSV Importer version 3.3.6 contains a path traversal flaw (CVE-2018-25325) that lets any authenticated user, including low-privileged accounts, delete arbitrary files on the server. The flaw is reached through the \u003ccode\u003edelete_export_file\u003c/code\u003e AJAX action, which passes the \u003ccode\u003efilename\u003c/code\u003e parameter to the filesystem without sanitising it or checking that the resolved path stays inside the export directory. A POST request whose \u003ccode\u003efilename\u003c/code\u003e contains directory traversal sequences (e.g. \u003ccode\u003e../\u003c/code\u003e) therefore escapes the intended directory and can delete any file the web server process is allowed to remove, including sensitive ones such as \u003ccode\u003ewp-config.php\u003c/code\u003e. 
Every WordPress installation running the affected plugin with the handler reachable is exposed.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker obtains a low-privileged account on the site, registering one if open registration is enabled.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies the \u003ccode\u003edelete_export_file\u003c/code\u003e AJAX action; since it is exposed to any logged-in user, the account from the previous step is enough to reach it.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a POST request to \u003ccode\u003ewp-admin/admin-ajax.php\u003c/code\u003e with \u003ccode\u003eaction\u003c/code\u003e set to \u003ccode\u003edelete_export_file\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe request\u0026rsquo;s \u003ccode\u003efilename\u003c/code\u003e parameter carries a traversal sequence, such as \u003ccode\u003e../../../../wp-config.php\u003c/code\u003e (the number of \u003ccode\u003e../\u003c/code\u003e segments depends on where the export directory sits relative to the target file).\u003c/li\u003e\n\u003cli\u003eThe handler, which performs no validation of the value, joins it onto its export path and calls the file deletion routine.\u003c/li\u003e\n\u003cli\u003eThe traversal segments move the resolved path outside the export directory, so a file elsewhere on the server is deleted.\u003c/li\u003e\n\u003cli\u003eIf the target is \u003ccode\u003ewp-config.php\u003c/code\u003e, WordPress loses its database configuration: the site stops serving content and instead redirects visitors to its installation wizard, so the damage is not limited to downtime.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation gives a low-privileged user arbitrary file deletion with the permissions of the web server process, i.e. any file that process can remove. Deleting \u003ccode\u003ewp-config.php\u003c/code\u003e renders the site unusable and exposes the setup wizard; deleting other files (plugin code, uploads, \u003ccode\u003e.htaccess\u003c/code\u003e) can disable controls or break the site in other ways. The CVSS v3.1 base score is 7.5 (high). 
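\u003c/p\u003e\n\u003cp\u003eThe Python below is an added example, not code from the CraftedSignal brief or from the CSV Importer plugin. It models the attack chain above and the monitoring advice in the Recommendation section: \u003ccode\u003eunsafe_target\u003c/code\u003e shows where a handler that simply joins the user-supplied \u003ccode\u003efilename\u003c/code\u003e onto its export directory ends up for the traversal payload, \u003ccode\u003esafe_target\u003c/code\u003e is a hardened replacement that rejects anything but a bare export file name inside that directory, and \u003ccode\u003efind_exploit_attempts\u003c/code\u003e applies the detection logic to a few request records. The export directory, the record layout and the requests are constructed for the example; the plugin\u0026rsquo;s real export location, the \u003ccode\u003e.csv\u003c/code\u003e allow-list and the field names are assumptions.\u003c/p\u003e\n
```python
# Added example (not from the CraftedSignal brief or the CSV Importer plugin).
# It models the delete_export_file filename handling described in the brief
# and the log check recommended for it. Paths, record layout and requests
# are constructed; the plugin's real export directory is not known here.
import os
from urllib.parse import unquote

# Assumed export directory, chosen so that the brief's four-level payload
# lands on the document root, as it would when probing a real deployment.
EXPORT_DIR = '/var/www/html/wp-content/uploads/woocommerce-csv/exports'


def unsafe_target(filename):
    '''Where a handler that merely joins the parameter onto EXPORT_DIR
    ends up, i.e. what the vulnerable code effectively deletes.'''
    return os.path.normpath(os.path.join(EXPORT_DIR, filename))


def safe_target(filename):
    '''Hardened replacement. Returns the path to delete, or None if the
    value is anything other than a bare .csv name inside EXPORT_DIR.'''
    decoded = unquote(filename)
    # Any directory component at all is rejected, not silently stripped,
    # so a traversal attempt fails closed instead of hitting another file.
    if decoded != os.path.basename(decoded) or decoded in ('', '.', '..'):
        return None
    if not decoded.endswith('.csv'):  # assumed allow-list for export files
        return None
    candidate = os.path.realpath(os.path.join(EXPORT_DIR, decoded))
    # Defence in depth: the resolved path must sit directly in EXPORT_DIR.
    if os.path.dirname(candidate) != os.path.realpath(EXPORT_DIR):
        return None
    return candidate


def has_traversal(value):
    '''True if value climbs out of its directory via a .. segment, after
    undoing one or two layers of URL encoding (..%2F, %252e%252e%252f).
    Windows-style separators are not handled.'''
    decoded = value
    for _ in range(2):
        decoded = unquote(decoded)
    return '..' in decoded.split('/')


def find_exploit_attempts(records):
    '''Indices of records matching the brief's detection logic: a request
    to admin-ajax.php with action=delete_export_file and a traversing
    filename. admin-ajax.php accepts GET as well as POST, so the method
    is deliberately not used as a filter.'''
    hits = []
    for i, rec in enumerate(records):
        params = rec.get('params', {})
        if not rec.get('uri', '').endswith('/wp-admin/admin-ajax.php'):
            continue
        if params.get('action') != 'delete_export_file':
            continue
        if has_traversal(params.get('filename', '')):
            hits.append(i)
    return hits


# Constructed request records, as a WAF or audit log that captures request
# parameters would present them (a plain access log lacks the POST body).
SAMPLE_REQUESTS = [
    {'method': 'POST', 'uri': '/wp-admin/admin-ajax.php',
     'params': {'action': 'delete_export_file',
                'filename': 'orders-2026-05.csv'}},
    {'method': 'POST', 'uri': '/wp-admin/admin-ajax.php',
     'params': {'action': 'delete_export_file',
                'filename': '../../../../wp-config.php'}},
    {'method': 'POST', 'uri': '/wp-admin/admin-ajax.php',
     'params': {'action': 'delete_export_file',
                'filename': '..%2F..%2F..%2F..%2Fwp-config.php'}},
    {'method': 'POST', 'uri': '/wp-admin/admin-ajax.php',
     'params': {'action': 'heartbeat', 'data': '../x'}},
    {'method': 'GET', 'uri': '/wp-admin/admin-ajax.php',
     'params': {'action': 'delete_export_file',
                'filename': '%252e%252e%252fwp-config.php'}},
]

if __name__ == '__main__':
    payload = '../../../../wp-config.php'
    print('vulnerable handler would delete:', unsafe_target(payload))
    print('hardened handler returns:', safe_target(payload))
    print('hardened handler on a real export:', safe_target('orders.csv'))
    print('flagged records:', find_exploit_attempts(SAMPLE_REQUESTS))
```
\n\u003cp\u003eThe records are given as already-parsed parameters because the \u003ccode\u003efilename\u003c/code\u003e value travels in the POST body, which a plain access log does not record; the scan only works against a source that captures parameters. Only the second, third and fifth records are flagged: the benign export name and the unrelated \u003ccode\u003eheartbeat\u003c/code\u003e action pass, while the plain, URL-encoded and double-encoded traversals are caught regardless of request method.\u003c/p\u003e\n\u003cp\u003e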
The source does not report victim counts or affected sectors; the exposure is the full install base of the plugin, and the prerequisite (a low-privileged account) is cheap on any site with open registration.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to a release of WooCommerce CSV Importer that fixes CVE-2018-25325. If no fixed release is available for your installation, deactivate and remove the plugin: the vulnerable handler is reachable by every logged-in user, so leaving it installed but unused does not remove the exposure.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule \u0026ldquo;Detect CVE-2018-25325 Exploitation — WooCommerce CSV Importer Path Traversal\u0026rdquo; to flag requests that attempt the traversal. The \u003ccode\u003efilename\u003c/code\u003e parameter travels in the POST body, which standard web server access logs do not record, so the rule needs a log source that captures request bodies or parsed parameters (a WAF, or an audit log such as ModSecurity\u0026rsquo;s); against access logs alone it will only ever see the request line.\u003c/li\u003e\n\u003cli\u003eIndependently of the rule, search for requests to \u003ccode\u003ewp-admin/admin-ajax.php\u003c/code\u003e with \u003ccode\u003eaction=delete_export_file\u003c/code\u003e and a \u003ccode\u003efilename\u003c/code\u003e containing \u003ccode\u003e../\u003c/code\u003e or its URL-encoded forms (\u003ccode\u003e..%2F\u003c/code\u003e, \u003ccode\u003e%2e%2e%2f\u003c/code\u003e, double-encoded \u003ccode\u003e%252e\u003c/code\u003e). \u003ccode\u003eadmin-ajax.php\u003c/code\u003e accepts GET as well as POST, so do not restrict the search to POST. No legitimate export name contains a traversal sequence, so every hit warrants investigation.\u003c/li\u003e\n\u003cli\u003eIf the site does not need self-service sign-up, disable the \u0026ldquo;Anyone can register\u0026rdquo; option under Settings; this removes the cheapest route to the low-privileged account the attack requires.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-17T13:18:42Z","date_published":"2026-05-17T13:18:42Z","id":"https://feed.craftedsignal.io/briefs/2026-05-woocommerce-path-traversal/","summary":"WooCommerce CSV Importer 3.3.6 contains a path traversal vulnerability (CVE-2018-25325) that allows any registered user to delete arbitrary files by submitting a crafted filename via the delete_export_file AJAX action.","title":"WooCommerce CSV Importer Path Traversal File Deletion (CVE-2018-25325)","url":"https://feed.craftedsignal.io/briefs/2026-05-woocommerce-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — CSV Importer 3.3.6","version":"https://jsonfeed.org/version/1.1"}