Skip to main content

WooCommerce Book Price CVE-2026-22334

| EUVDEUVD-2026-37656 HIGH
Path Traversal (CWE-22)
2026-06-17 Patchstack
7.5
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
6.5 MEDIUM

Network-reachable WordPress endpoint with low complexity; Patchstack scopes it to Subscriber role so PR:L not PR:N; arbitrary file read yields C:H, no write or DoS so I:N/A:N.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jun 17, 2026 - 12:32 vuln.today
CVE Published
Jun 17, 2026 - 09:50 cve.org
HIGH 7.5

DescriptionCVE.org

Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 versions.

AnalysisAI

Arbitrary file download in the WooCommerce Book Price WordPress plugin (versions 1.3 and earlier) allows remote attackers to retrieve arbitrary files from the underlying server filesystem via path traversal. The CVSS vector indicates network-reachable exploitation without authentication or user interaction, yielding high confidentiality impact with no integrity or availability effects. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain or register Subscriber account
Delivery
Locate plugin file-download endpoint
Exploit
Submit path-traversal filename parameter
Execution
Server reads file outside intended directory
Persist
Exfiltrate wp-config.php and secrets
Impact
Reuse DB credentials for full site compromise

Vulnerability AssessmentAI

Exploitation The vulnerable target must be a WordPress site with the WooCommerce Book Price plugin (by wpos) installed and active at version 1.3 or earlier, and the plugin's file-download endpoint must be reachable by the attacker. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker registers a free Subscriber account on a WordPress site running WooCommerce Book Price ≤ 1.3 (or, if the endpoint truly requires no auth as the CVSS PR:N suggests, skips this step), then issues a single crafted GET/POST request to the plugin's file-download handler with a traversal payload such as file=../../../../wp-config.php. The server returns the file contents, exposing database credentials, WordPress secret keys and any other readable files on the host, which the attacker then uses to pivot to full site takeover via direct database access.
Remediation Upstream fix available per Patchstack advisory; a released patched version is not independently confirmed from the supplied references, so administrators should consult the Patchstack entry at https://patchstack.com/database/wordpress/plugin/woo-book-price/vulnerability/wordpress-woocommerce-book-price-plugin-1-3-arbitrary-file-download-vulnerability and upgrade to any release strictly newer than 1.3 once published by the wpos vendor. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: identify all WordPress installations using WooCommerce Book Price plugin and verify version; immediately disable the plugin as a temporary containment measure. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-22334 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy