The woocommerce/woocommerce WordPress plug-in is vulnerable to directory traversal. A lack of validation of the $file parameter in class-wc-log-handler-file.php allows a remote attacker to delete arbitrary files outside of the log directory by supplying ../ sequences in the file name. Combined with a design flaw in WordPress, a remote attacker can escalate privileges to Admin by deleting the plug-in's main file, woocommerce.php, which in turn allows the attacker to execute arbitrary commands on the system.
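The following stand-alone PHP script is an added illustration, not WooCommerce's own code: it reproduces the pattern the advisory describes (a log-deletion routine that concatenates a caller-supplied name onto the log directory) next to a hardened version that restricts the name to a plain log file name and checks the resolved path. The function names, the temporary directory layout and the woocommerce.php stand-in are constructed for the demo.

```php
<?php
// Added illustrative example (not WooCommerce's own code). Shows the
// traversal pattern from the advisory beside a hardened replacement.

function remove_log_vulnerable(string $log_dir, string $file): bool {
    // Caller-controlled name is glued onto the log directory with no
    // checks, so a value such as "../woocommerce.php" escapes the directory.
    $path = $log_dir . $file;
    return is_file($path) && unlink($path);
}

function remove_log_hardened(string $log_dir, string $file): bool {
    // Allow only a plain log file name: no separators, no "..", no NUL bytes.
    if (!preg_match('/^[A-Za-z0-9_-]+\.log$/', $file)) {
        return false;
    }
    $dir  = realpath($log_dir);
    $path = realpath($log_dir . DIRECTORY_SEPARATOR . $file);
    if ($dir === false || $path === false) {
        return false; // log directory or file does not exist
    }
    // The resolved path must sit directly inside the log directory. realpath()
    // follows symlinks, so a link planted in the directory is rejected too.
    if (dirname($path) !== $dir) {
        return false;
    }
    return unlink($path);
}

// --- constructed sandbox: a fake plug-in root with a log directory inside ---
$root    = sys_get_temp_dir() . '/traversal-demo-' . bin2hex(random_bytes(4));
$log_dir = $root . '/wc-logs/';
mkdir($log_dir, 0700, true);
file_put_contents($root . '/woocommerce.php', "<?php // stand-in plug-in main file\n");
file_put_contents($log_dir . 'fatal-errors.log', "constructed log line\n");

$payload = '../woocommerce.php';

// The vulnerable routine deletes the file one level above the log directory.
$deleted_by_vuln   = remove_log_vulnerable($log_dir, $payload);
$main_file_present = file_exists($root . '/woocommerce.php');
echo "vulnerable: deleted=" . var_export($deleted_by_vuln, true)
   . " main file present=" . var_export($main_file_present, true) . PHP_EOL;

// Restore the stand-in and try the same payload against the hardened routine,
// which rejects it, then confirm a legitimate log file can still be removed.
file_put_contents($root . '/woocommerce.php', "<?php // restored\n");
$rejected          = remove_log_hardened($log_dir, $payload);
$main_file_present = file_exists($root . '/woocommerce.php');
$legit_deleted     = remove_log_hardened($log_dir, 'fatal-errors.log');
echo "hardened: payload deleted=" . var_export($rejected, true)
   . " main file present=" . var_export($main_file_present, true)
   . " legitimate log deleted=" . var_export($legit_deleted, true) . PHP_EOL;

// Clean up the sandbox.
@unlink($root . '/woocommerce.php');
@unlink($log_dir . 'fatal-errors.log');
@rmdir($log_dir);
@rmdir($root);
```

The hardened version deliberately applies two independent checks: the regular expression rejects anything that is not a bare `name.log`, and the realpath() comparison catches cases the pattern might miss on unusual filesystems or if the pattern is later loosened. Either check alone blocks the `../` payload shown; keeping both is cheap.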
Affected versions (CPE):

Name | Operator | Version
---|---|---
woocommerce/woocommerce | le | 3.5.0-rc.1
woocommerce/woocommerce | le | 3.4.5