Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Unauthenticated network path traversal (PR:N/UI:N/AC:L); deletion of files outside the app crosses a security boundary (S:C) with high availability impact and no confidentiality loss.
Primary rating from Vendor (Patchstack).
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Path Traversal.This issue affects Membership For WooCommerce: from n/a through <= 3.1.0.
Articles & Coverage 1
AnalysisAI
Arbitrary file deletion in WP Swings' Membership For WooCommerce WordPress plugin (all versions up to and including 3.1.0) lets remote attackers delete files outside the intended directory via unsanitized path input. The CVSS vector (PR:N) indicates the flaw is reachable without authentication, and the scope-changed rating reflects that deletion of critical files (e.g., wp-config.php) can break or reset the entire WordPress site. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The affected site must be running WP Swings Membership For WooCommerce version 3.1.0 or earlier with the plugin active and its file-handling endpoint reachable over the network. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are moderately strong but incomplete. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker sends a crafted HTTP request to the plugin's file-handling endpoint, supplying a path parameter containing directory-traversal sequences that point outside the plugin's intended directory. Because no credentials or user interaction are required (PR:N/UI:N), the attacker deletes a critical file such as wp-config.php, taking the WordPress site offline or forcing it into an installation/reset state. … |
| Remediation | No vendor-released patched version is identified in the available data - the advisory lists impact only through 3.1.0 with no confirmed fixed release - so treat this as unpatched and monitor the Patchstack advisory (https://patchstack.com/database/Wordpress/Plugin/membership-for-woocommerce/vulnerability/wordpress-membership-for-woocommerce-plugin-3-1-0-arbitrary-file-deletion-vulnerability) and the plugin changelog for a release above 3.1.0, upgrading immediately when one appears. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: immediately disable or remove the vulnerable Membership For WooCommerce plugin from all affected WordPress installations and audit logs for any deletion activity. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43364