Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitable over the network by any customer-role user (PR:L) with no interaction; read-only file access means confidentiality impact only, no integrity or availability effects.
Primary rating from Vendor (Patchstack).
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Customer Path Traversal in Tax Exempt for WooCommerce <= 1.9.3 versions.
AnalysisAI
Path traversal in the Tax Exempt for WooCommerce plugin (versions <= 1.9.3) by Addify enables authenticated customer-level users to read arbitrary files from the server's filesystem. The vulnerability carries a CVSS 6.5 Medium score with high confidentiality impact, as a low-privileged account (a standard customer/shopper) can traverse directory boundaries to access sensitive files such as wp-config.php containing database credentials. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a valid WooCommerce customer-level account on the target site, consistent with PR:L in the CVSS vector - any user who can register as a shopper on the store qualifies. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N indicates network-reachable exploitation with low attack complexity and only a low-privilege customer account required, with no user interaction needed. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker creates or uses an existing customer account on a WooCommerce store running Tax Exempt for WooCommerce <= 1.9.3, then submits a crafted request containing directory traversal sequences (e.g., '../../wp-config.php') to a plugin-exposed endpoint that processes file paths. The server reads and returns the contents of the targeted file, disclosing database credentials or other sensitive configuration data the attacker can use to escalate their access. |
| Remediation | The primary remediation is to update the Tax Exempt for WooCommerce plugin beyond version 1.9.3. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-35 – Path Traversal: '.../...//'
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41341
GHSA-3wjp-774c-xvqr