Skip to main content

Tax Exempt WooCommerce CVE-2026-49779

| EUVDEUVD-2026-41341 MEDIUM
Path Traversal: '.../...//' (CWE-35)
2026-07-02 Patchstack GHSA-3wjp-774c-xvqr
6.5
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
6.5 MEDIUM

Exploitable over the network by any customer-role user (PR:L) with no interaction; read-only file access means confidentiality impact only, no integrity or availability effects.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jul 02, 2026 - 12:37 vuln.today
CVE Published
Jul 02, 2026 - 11:15 cve.org
MEDIUM 6.5

DescriptionCVE.org

Customer Path Traversal in Tax Exempt for WooCommerce <= 1.9.3 versions.

AnalysisAI

Path traversal in the Tax Exempt for WooCommerce plugin (versions <= 1.9.3) by Addify enables authenticated customer-level users to read arbitrary files from the server's filesystem. The vulnerability carries a CVSS 6.5 Medium score with high confidentiality impact, as a low-privileged account (a standard customer/shopper) can traverse directory boundaries to access sensitive files such as wp-config.php containing database credentials. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Register or obtain a WooCommerce customer account
Delivery
Identify plugin-exposed file-path parameter
Exploit
Inject directory traversal sequences (e.g., ../../wp-config.php)
Execution
Plugin processes unsanitized path
Persist
Server returns contents of targeted file
Impact
Extract credentials or sensitive configuration data

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid WooCommerce customer-level account on the target site, consistent with PR:L in the CVSS vector - any user who can register as a shopper on the store qualifies. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N indicates network-reachable exploitation with low attack complexity and only a low-privilege customer account required, with no user interaction needed. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker creates or uses an existing customer account on a WooCommerce store running Tax Exempt for WooCommerce <= 1.9.3, then submits a crafted request containing directory traversal sequences (e.g., '../../wp-config.php') to a plugin-exposed endpoint that processes file paths. The server reads and returns the contents of the targeted file, disclosing database credentials or other sensitive configuration data the attacker can use to escalate their access.
Remediation The primary remediation is to update the Tax Exempt for WooCommerce plugin beyond version 1.9.3. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-49779 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy