Skip to main content

Woosa Marktplaats WooCommerce CVE-2026-7547

| EUVDEUVD-2026-37981 MEDIUM
Path Traversal (CWE-22)
2026-06-19 Wordfence GHSA-qg23-9w2r-h58w
4.9
CVSS 3.1 · Vendor: Wordfence
Share

Severity by source

Vendor (Wordfence) PRIMARY
4.9 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
4.9 MEDIUM

Administrator authentication is explicitly required (PR:H); the log viewer is network-accessible via admin dashboard (AV:N); only confidentiality is impacted via arbitrary file read.

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (Wordfence).

CVSS VectorVendor: Wordfence

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jun 19, 2026 - 06:31 vuln.today
CVE Published
Jun 19, 2026 - 04:31 nvd
MEDIUM 4.9

DescriptionCVE.org

The Woosa - Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in versions up to and including 2.0.4. This is due to insufficient path sanitization in the render_logs_ui() function, which accepts a base64-encoded file name from the 'log_file' GET parameter and concatenates it directly with the plugin's log directory path without validating that the resolved path remains within the intended directory. This makes it possible for authenticated attackers, with Administrator-level access, to read the contents of arbitrary files on the server, including wp-config.

AnalysisAI

Arbitrary file read via path traversal in the Woosa - Marktplaats for WooCommerce WordPress plugin (versions up to and including 2.0.4) permits authenticated WordPress administrators to escape the plugin's log directory and access any file readable by the web server process, including the sensitive wp-config.php file. The flaw exists in the render_logs_ui() function within class-module-logger-hook-settings.php, which decodes a base64-supplied filename from the log_file GET parameter and concatenates it with the log directory path without any boundary enforcement. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain WordPress administrator credentials
Delivery
Authenticate to WP admin dashboard
Exploit
Craft GET request with base64-encoded path traversal in log_file parameter
Execution
render_logs_ui() decodes and concatenates unsanitized path
Persist
Web server reads arbitrary file outside log directory
Impact
Attacker receives file contents including wp-config.php credentials

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated WordPress session with Administrator-level role privileges (confirmed by CVSS PR:H). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD-assigned CVSS 3.1 score of 4.9 (Medium) reflects the real-world risk accurately given the PR:H requirement. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained WordPress administrator credentials - through phishing, credential stuffing, or a prior compromise - authenticates to the admin dashboard and navigates to the Woosa plugin's log viewer. They craft a GET request to the log viewer endpoint appending a base64-encoded path traversal string such as base64('../../wp-config.php') to the log_file parameter; the plugin decodes this value, concatenates it with the log directory path without validation, and returns the full contents of wp-config.php, disclosing the database hostname, username, password, and WordPress secret keys. …
Remediation Vendor-released patch: version 2.0.5. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-7547 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy