Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Network-accessible unauthenticated endpoint with no complexity barrier warrants AV:N/AC:L/PR:N/UI:N; impact is directory listing only, so C:L with I:N and A:N.
Primary rating from Vendor (WPScan).
CVSS VectorVendor: WPScan
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server.
AnalysisAI
Path traversal in Printcart Web to Print Product Designer for WooCommerce (all versions through 2.4.8) exposes arbitrary server directory listings to unauthenticated remote attackers with no interaction required. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms trivial network-based exploitation against any internet-facing WooCommerce store running this plugin. A publicly available exploit exists via WPScan, materially lowering the technical barrier despite the Medium CVSS score of 5.3; no confirmed patched version is available at time of analysis.
Technical ContextAI
The affected product is a WordPress plugin providing web-to-print product design functionality for WooCommerce stores, identified by CPE cpe:2.3:a:unknown:printcart_web_to_print_product_designer_for_woocommerce:*:*:*:*:*:*:*:*. The vulnerability class is path traversal (CWE-22 is not formally assigned in the input data, but the description unambiguously describes this class), which occurs when user-supplied input used to construct filesystem paths is not sanitized against directory traversal sequences such as '../'. The plugin likely exposes an endpoint that accepts a path or filename parameter and returns filesystem content without validating that the resolved path remains within an intended root directory. The impact observed is directory listing - not file content retrieval - suggesting the endpoint may invoke a directory enumeration function rather than a direct file read, though directory listings themselves can expose sensitive path structures including configuration files, backup archives, or credential files that facilitate chained attacks.
RemediationAI
No vendor-released patch has been identified at time of analysis - the affected version range extends through 2.4.8 with no confirmed fix version in any available source (WPScan, NVD, VulDB, or EUVD). The primary recommended action is to deactivate and remove the Printcart Web to Print Product Designer for WooCommerce plugin immediately until a patched version is released and confirmed by the vendor. As a compensating control, deploy WAF rules that block requests containing path traversal sequences (e.g., '../', '%2e%2e%2f', URL-encoded variants) targeting this plugin's endpoints; note this may affect legitimate plugin functionality. Additionally, configure web server directory listing to be disabled at the server level (e.g., 'Options -Indexes' in Apache, 'autoindex off' in nginx) to reduce exposure even if traversal succeeds. Monitor web server access logs for traversal-pattern requests to plugin endpoints. Check the WPScan advisory at https://wpscan.com/vulnerability/0cff6fb3-339b-4eb6-969b-b3a43613cc71/ and VulDB entry at https://vuldb.com/vuln/374124 for patch availability updates.
Same technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-210347
GHSA-mm7w-7c83-99xv