Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Administrator authentication is explicitly required (PR:H); the log viewer is network-accessible via admin dashboard (AV:N); only confidentiality is impacted via arbitrary file read.
Primary rating from Vendor (Wordfence).
CVSS VectorVendor: Wordfence
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
The Woosa - Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in versions up to and including 2.0.4. This is due to insufficient path sanitization in the render_logs_ui() function, which accepts a base64-encoded file name from the 'log_file' GET parameter and concatenates it directly with the plugin's log directory path without validating that the resolved path remains within the intended directory. This makes it possible for authenticated attackers, with Administrator-level access, to read the contents of arbitrary files on the server, including wp-config.
AnalysisAI
Arbitrary file read via path traversal in the Woosa - Marktplaats for WooCommerce WordPress plugin (versions up to and including 2.0.4) permits authenticated WordPress administrators to escape the plugin's log directory and access any file readable by the web server process, including the sensitive wp-config.php file. The flaw exists in the render_logs_ui() function within class-module-logger-hook-settings.php, which decodes a base64-supplied filename from the log_file GET parameter and concatenates it with the log directory path without any boundary enforcement. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated WordPress session with Administrator-level role privileges (confirmed by CVSS PR:H). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The NVD-assigned CVSS 3.1 score of 4.9 (Medium) reflects the real-world risk accurately given the PR:H requirement. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained WordPress administrator credentials - through phishing, credential stuffing, or a prior compromise - authenticates to the admin dashboard and navigates to the Woosa plugin's log viewer. They craft a GET request to the log viewer endpoint appending a base64-encoded path traversal string such as base64('../../wp-config.php') to the log_file parameter; the plugin decodes this value, concatenates it with the log directory path without validation, and returns the full contents of wp-config.php, disclosing the database hostname, username, password, and WordPress secret keys. … |
| Remediation | Vendor-released patch: version 2.0.5. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37981
GHSA-qg23-9w2r-h58w