Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Network-reachable WordPress endpoint with low complexity; Patchstack scopes it to Subscriber role so PR:L not PR:N; arbitrary file read yields C:H, no write or DoS so I:N/A:N.
Primary rating from Vendor (Patchstack).
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 versions.
AnalysisAI
Arbitrary file download in the WooCommerce Book Price WordPress plugin (versions 1.3 and earlier) allows remote attackers to retrieve arbitrary files from the underlying server filesystem via path traversal. The CVSS vector indicates network-reachable exploitation without authentication or user interaction, yielding high confidentiality impact with no integrity or availability effects. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The vulnerable target must be a WordPress site with the WooCommerce Book Price plugin (by wpos) installed and active at version 1.3 or earlier, and the plugin's file-download endpoint must be reachable by the attacker. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker registers a free Subscriber account on a WordPress site running WooCommerce Book Price ≤ 1.3 (or, if the endpoint truly requires no auth as the CVSS PR:N suggests, skips this step), then issues a single crafted GET/POST request to the plugin's file-download handler with a traversal payload such as file=../../../../wp-config.php. The server returns the file contents, exposing database credentials, WordPress secret keys and any other readable files on the host, which the attacker then uses to pivot to full site takeover via direct database access. |
| Remediation | Upstream fix available per Patchstack advisory; a released patched version is not independently confirmed from the supplied references, so administrators should consult the Patchstack entry at https://patchstack.com/database/wordpress/plugin/woo-book-price/vulnerability/wordpress-woocommerce-book-price-plugin-1-3-arbitrary-file-download-vulnerability and upgrade to any release strictly newer than 1.3 once published by the wpos vendor. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: identify all WordPress installations using WooCommerce Book Price plugin and verify version; immediately disable the plugin as a temporary containment measure. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37656